we have some users who use umts to connect to our vpn service. the big problem we have is when they are in othercoutries and the get a windows update. is there a way to use dap and "see" the connection type?
or does someone have an other solution?
I don't think DAP (or any other ASA feature) can detect what kind of internet access is being used.
But I'm not sure I understand what the problem is that you wanted to solve that way, can you please clarify?
the problem we have is that when people are working in other countries and they are using their umts device, we don't want them to get windows update if they are connected via vpn. this because the data costs per mb are very high.
ok, I guess there is not really an easy way to achieve this.
The closest things I can think of are:
IF you enable CSD (Cisco Secure Desktop - a licensed feature) and
IF the users always connect from the same ISP (or limited set of ISPs) and you can find out which IP range that ISP uses.
Then you can define a "pre-login-policy" that matches on IP address of the client, and use that "location" in a DAP policy.
You could create a seperate Tunnel-group (connection profile in ASDM terms) and tell the users to use that group when they connect from abroad.
Probably not entirely what you wanted, but maybe it helps?
I didn't think about a second tunnel group which you can choose, the only problem I can think of is that our acs sends out the group policy and this seems to overrule the tunnel group settings