Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
2
Replies

DAP policies

richard.schultz1
Level 1
Level 1

‎05-16-2016 01:00 PM

I'm not finding a good answer to my question...

I'm curious about DAP policies. I have several connection profiles/group policies. I'd like to configure DAP policies that apply only to certain group policies, and not every group policy - for example, internal users would have different DAP policy than external.

I'm not having good luck finding an answer to whether or not that's possible and if so, how to make it happen.

Mind you, I'm not well versed on ASDM. 

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎05-17-2016 01:14 PM

Yes, that is possible.  You can match on lots and lots of different parameters.

0 Helpful

richard.schultz1
Level 1
Level 1
In response to Philip D'Ath

‎05-19-2016 07:48 AM

Well here's what I have and what I want to do:

Internal and external users, internal obviously in AD, external are not. We authenticate using radius (RSA). All VPNs terminate on the same ASA pair.

In AnyConnect I have several connection profiles matched with group policies. What I'd like to do is leverage DAP to say "if you're an internal user, you connect using connection profile/GP A or B, if you're an external user, C or D. If you connect to either A or B your PC must belong in the AD domain, otherwise drop. If you connect to C or D, doesn't matter, those are for external users."

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents