ASA - anyconnected using dap - secured routes?

watcher60
Level 1

All,

  I am trying to configure dynamic access policies on an ASA 5050 running 9.4.1, using split tunnelling. While I can see the ACL being applied, as I am using split tunnelling what I am looking to achieve is for the same ACL being applied by DAP to also be applied to the split tunnelling/secured routes. The goal is to only route the traffic being allowed by the DAP ACL via the AnyConnect VPN connection.

All the examples for DAP do not appear to touch on the split tunnelling/secured routes. Can anyone advise:

  1. Is it possible to have the split tunnelling/secured routes built dynamically from the ACL being applied by DAP?
  2. If so, can someone share an example config (or steps via the ASDM) to achieve this?
  3. If this is not possible, are there any suggested workarounds/alternatives to achieve this?

Thanks in advance,

Matt

1 Reply

watcher60
Level 1

For anyone that does come across this post looking for the solution, unfortunately it appears that Cisco has not addressed this, and it has been around since 2007-ish. Seems like a fundamental flaw in DAP (especially as it then appears to always select the default group policy, so you cannot even select a different group policy based on the DAP results - unless anyone can correct me here).

https://supportforums.cisco.com/discussion/11202696/split-tunneling-based-dynamic-access-policy?tstart=2640

https://tools.cisco.com/bugsearch/bug/CSCsi54718