09-29-2023 10:26 AM
Having trouble logging which ACLs are applied when an AnyConnect user connects to the ASA.
When a user matches more than a single DAP, the ASA logs show which ACLs are applied.
"User 'aaa-acl' executed the access-list...."
When a user only matches a single DAP, there are no 'aaa-acl' entries.
For one DAP in particular, it logs differently: "Group xxx user yyy IP zzz User ACL xxx from AAA ignored, AV-PAIR ACL used instead"
The configurations of the DAPs appear to be the same. Don't know why one references an AV-PAIR.
If the user matches that same DAP, and at least one more, the 'aaa-acl' log entries are made.
Need a consistent way to log, or somehow troubleshoot, ACL issues, regardless of how many DAP matches a user might match.
10-03-2023 09:22 AM