cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
247
Views
0
Helpful
1
Replies

Multiple match in Cisco ASA DAP for AD groups 2023

debbiebeitler
Beginner
Beginner

I see that DAPs get concatinated in 'Test dynamic policy' in ASDM

The problem I am having is the order to which they are applied.

In the first ACL, there are specific "allows" to several servers in the 10/8 address space.

In the second ACL, there is a specific deny to 10/8 to block the rest of the space.

Not matter what I do to try and change the way they're listed, running "Test..." always shows the 2nd ACL before the 1st.  And attempting to go to the allowed servers in the first ACL get's denied.  

How does the ASA determine an ACL order when you have an LDAP user that is in two AD groups?

 

1 Accepted Solution

Accepted Solutions

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @debbiebeitler,

I've never tried this, but I would imagine that DAP priorities can help you here. I found this guide which might be useful. As I can see from this guide, bultind an ACL from multiple DAP is quite specific, so you might want to go through this and read it.

Kind regards,

Milos

View solution in original post

1 Reply 1

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @debbiebeitler,

I've never tried this, but I would imagine that DAP priorities can help you here. I found this guide which might be useful. As I can see from this guide, bultind an ACL from multiple DAP is quite specific, so you might want to go through this and read it.

Kind regards,

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: