Hi all,
I'm trying to configure an AnyConnect VPN profile on an ASA to allow access only to corporate-owned devices. The condition is that the device must be joined to the domain — otherwise, it should be denied VPN access.
I created a Dynamic Access Policy (DAP) with a HostScan check for domain membership. However, I'm unsure how to bind this DAP to a specific tunnel group (for example, VPN-CORP-SECURE). I don’t want to affect other existing profiles or tunnel groups.
Could someone please guide me on:
How to properly associate the DAP with the desired tunnel group?
Whether this is done via general-attributes or webvpn-attributes?
Any recommended best practices to avoid impacting other users or profiles?
Thanks in advance!