01-19-2018 03:20 AM - edited 03-12-2019 04:55 AM
I am trying to configure the DAP policy to check the registry for domain values. The person connecting can only connect from certain domains. It works if I only have one endpoint. If I add multiple endpoints it fails.
It seems like instead of treating the entries as Match-Any (OR) it is being treated as Match-All (AND).
So has anybody had success with using multiple registry scans?
01-19-2018 05:36 AM
Hello @snormoyle,
In order to know what is happening with the DAP check on the ASA, we need the outputs from the following commands:
debug dap trace
debug menu dap 2
After you apply the commands, try to connect and share the outputs here. Do the previous tests you already did.
HTH
Gio
01-19-2018 07:06 AM
Not sure if I can upload the output of the trace. Waiting on the security group to think about it. I have attached the screenshot from ASDM showing it.
If I use just one endpoint entry this works fine, but when I put multiple endpoint entries it will terminate the connection even though a user is coming from an authorized domain.
01-19-2018 12:31 PM
Hello @snormoyle,
The way to know what the ASA is doing when you try to log in is with the outputs of the commands I presented before; without them this task is impossible, since we are not going to be able to check what the ASA is doing with the information received by the machine (if it is received).
If for security reasons you cannot upload the outputs for the commands, in my honest opinion (I don't want to be rude), I would recommend opening a case with Cisco TAC and reviewing the information with them. With the outputs you can do the following:
1. Verify if the ASA is receiving the information from the machine.
2. Verify the syntax of the DAP you configured on the ASA.
3. Verify how the ASA checks what it received from the machine vs DAP.
4. Check the reason why it is not working and apply changes accordingly.
Without the debugs, it is virtually impossible.
HTH
Gio