07-01-2022 02:37 AM
Hello,
I have an ISE dACL over ASA VPN deployment. There are many dACLs that are assigned to users with a certain AD group membership when they hit our ASA via SSL VPN. How can I see a dACL on the ASA CLI if a user is not connected? In the "show access-list" output, it looks like there are only entries with dACLs that are currently used.
I want to see what dACLs are deployed and also the hitcounts.
Thank you!
07-01-2022 03:57 AM
07-01-2022 04:48 AM - edited 07-01-2022 04:48 AM
The dACLs will be pushed during the user's authorization process, which means they won't exist on the firewall until the user is authenticated and authorized. Once the user is authenticated and authorized, you can verify what dACL has been pushed to that session by using the traditional command "show vpn-sessiondb detail anyconnect"; you can filter the command to look at a specific user if needed. The dACL will show up in the "Filter Name" field. To see the content of that dACL you can use the command "show access-list <the exact name you see with the previous command>". Also, please remember that the dACLs will vanish once the relevant sessions are torn down.
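The two-step lookup described in the answer above, as an added example that is not part of the original posts: it pairs each connected user's "Filter Name" with the hit counts of that dACL. The sample output is constructed rather than captured from a device, and the function names are hypothetical.

```python
import re

# Constructed sample of "show vpn-sessiondb detail anyconnect", trimmed to the relevant fields.
SESSIONDB = """\
Username     : jdoe                   Index        : 12
SSL-Tunnel:
  Filter Name  : #ACSACL#-IP-VPN_FINANCE-62be1a00
DTLS-Tunnel:
  Filter Name  : #ACSACL#-IP-VPN_FINANCE-62be1a00
Username     : asmith                 Index        : 13
DTLS-Tunnel:
  Filter Name  : #ACSACL#-IP-VPN_IT-62be1b11
"""
# Constructed sample of "show access-list" taken while both sessions are up.
ACCESS_LIST = """\
access-list #ACSACL#-IP-VPN_FINANCE-62be1a00; 2 elements; name hash: 0x1a2b3c4d (dynamic)
access-list #ACSACL#-IP-VPN_FINANCE-62be1a00 line 1 extended permit tcp any host 10.20.0.5 eq https (hitcnt=42) 0x0a0b0c0d
access-list #ACSACL#-IP-VPN_FINANCE-62be1a00 line 2 extended deny ip any any (hitcnt=3) 0x0e0f1011
access-list #ACSACL#-IP-VPN_IT-62be1b11; 1 elements; name hash: 0x2b3c4d5e (dynamic)
access-list #ACSACL#-IP-VPN_IT-62be1b11 line 1 extended permit ip any any (hitcnt=0) 0x12131415
"""

def session_filters(text):
    """Map each username to the set of Filter Name values in its session block."""
    filters, user = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Username\s*:\s*(\S+)", line)
        if m:
            user = m.group(1)
            filters.setdefault(user, set())
            continue
        m = re.match(r"\s*Filter Name\s*:\s*(\S+)", line)
        if m and user:
            filters[user].add(m.group(1))  # a set: the name repeats per tunnel
    return filters

def acl_hitcounts(text):
    """Return {acl_name: [(line_no, rule, hitcnt), ...]}, skipping header lines."""
    pat = re.compile(r"access-list (\S+) line (\d+) (.+?) \(hitcnt=(\d+)\)")
    acls = {}
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            name, no, rule, hits = m.groups()
            acls.setdefault(name, []).append((int(no), rule, int(hits)))
    return acls

def report(sessions, acl_text):
    """Per user, the dACLs applied to the session and each entry's hit count."""
    hits = acl_hitcounts(acl_text)
    return {u: {n: hits.get(n, []) for n in names}
            for u, names in session_filters(sessions).items()}
```

Because a dACL disappears with its last session, hit counts collected this way only cover live sessions and have to be captured before the user disconnects.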
07-06-2022 12:54 AM
Thank you!