05-16-2016 01:00 PM
I'm not finding a good answer to my question...
I'm curious about DAP policies. I have several connection profiles/group policies. I'd like to configure DAP policies that apply only to certain group policies, and not every group policy - for example, internal users would have a different DAP policy than external.
I'm not having good luck finding an answer to whether or not that's possible and if so, how to make it happen.
Mind you, I'm not well versed on ASDM.
05-17-2016 01:14 PM
Yes, that is possible. You can match on lots and lots of different parameters.
05-19-2016 07:48 AM
Well, here's what I have and what I want to do:
Internal and external users, internal obviously in AD, external are not. We authenticate using RADIUS (RSA). All VPNs terminate on the same ASA pair.
In AnyConnect I have several connection profiles matched with group policies. What I'd like to do is leverage DAP to say "if you're an internal user, you connect using connection profile/GP A or B, if you're an external user, C or D. If you connect to either A or B your PC must belong in the AD domain, otherwise drop. If you connect to C or D, doesn't matter, those are for external users."