I have configured my ASA with a Dynamic Access Policy, so that Remote Access VPN users are allowed into the network (a single LAN) if they are members of the Active Directory user group VPNUsers. This works fine.
If I switch off the LDAP server, I want the LOCAL database to be used to authenticate users just in case - and this does not appear to be working at the moment.
I have set up the AAA server group with a fallback to LOCAL and changed the Default Access Policy to Terminate. Should I simply change the Default Access Policy back from "terminate" to "continue" to allow the LOCAL database to be interrogated, or will this also let in people who aren't members of the Active Directory group as well? This is a live box, so experimentation is rather awkward!
Thanks!