Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
290
Views
1
Helpful
3
Replies

Cisco ASA DAP Username Match.

ekatso
Level 1
Level 1

‎07-26-2024 04:38 AM

We have DAP based on Cisco Username to allow different access but if users put a suffix they are still authenticated BUT the DAP is not matches anymore.

example:

user1

user1@domain.com

Any Ideas on how to do a regex on Usernames?????

 

 

Labels:
3 Replies 3

tvotna
Spotlight
Spotlight

‎07-29-2024 06:49 AM

In the very past there was a "group-delimeter" and "strip-group" ASA CLI which was used for Cisco IPSec Client to strip suffix before passing the username to AAA. Not sure if this works for AnyConnect.

For DAP you can achieve everything you want with Lua: http://www.lua.org/docs.html

 

0 Helpful

ccieexpert
Spotlight
Spotlight

‎07-29-2024 09:17 AM

can you show your dap policy ? are you matching on username or username@domain.com ?

0 Helpful

MHM Cisco World
VIP
VIP

‎07-29-2024 12:01 PM - edited ‎07-29-2024 12:02 PM

You add two username in one DAP?

Can you share 

Debug dap trace 255

MHM

0 Helpful
Customers Also Viewed These Support Documents