519 Views, 0 Helpful, 1 Replies

Multiple match in Cisco ASA DAP for AD groups 2023

debbiebeitler
Level 1

I see that DAPs get concatenated in 'Test dynamic policy' in ASDM.

The problem I am having is the order to which they are applied.

In the first ACL, there are specific "allows" to several servers in the 10/8 address space.

In the second ACL, there is a specific deny to 10/8 to block the rest of the space.

No matter what I do to try and change the way they're listed, running "Test..." always shows the 2nd ACL before the 1st. And attempting to go to the allowed servers in the first ACL gets denied.

How does the ASA determine an ACL order when you have an LDAP user that is in two AD groups?

1 Accepted Solution

Accepted Solutions

Milos_Jovanovic
VIP Alumni

Hi @debbiebeitler,

I've never tried this, but I would imagine that DAP priorities can help you here. I found this guide which might be useful. As I can see from this guide, building an ACL from multiple DAPs is quite specific, so you might want to go through this and read it.

Kind regards,

Milos
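As an added illustration (not from this thread and not Cisco's own code), the Python below models the situation described in the question: two DAP network ACLs are concatenated into one first-match ACL, and the order in which they land decides whether the specifically permitted 10/8 servers are reachable. The DAP names, priority values and server addresses are constructed, and the rule that the record with the higher priority number is placed first in the aggregate is an assumption to be checked against the guide referenced above.

```python
import ipaddress

# Constructed sample modelling the poster's two AD-group DAP records.
# Each ACE is (action, destination network); sources are not modelled.
DAP_RECORDS = [
    {"name": "Servers-Allow", "priority": 20,   # assumed priority value
     "aces": [("permit", "10.1.1.10/32"), ("permit", "10.1.1.11/32")]},
    {"name": "Block-10-8", "priority": 10,      # assumed priority value
     "aces": [("deny", "10.0.0.0/8")]},
]


def aggregate(records):
    """Concatenate the DAP ACLs into one list of ACEs.

    Assumption: the record with the higher priority number comes first,
    so its entries are evaluated before the lower-priority record's.
    """
    ordered = sorted(records, key=lambda r: r["priority"], reverse=True)
    return [(action, ipaddress.ip_network(net))
            for rec in ordered for action, net in rec["aces"]]


def evaluate(acl, dst):
    """First-match ACL evaluation with an implicit deny at the end."""
    addr = ipaddress.ip_address(dst)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"


def decide(records, dst):
    """Verdict for dst under the aggregate ACL built from records."""
    return evaluate(aggregate(records), dst)


def swap_priorities(records):
    """Same ACLs with the priorities exchanged, reproducing the
    'deny ACL listed before the allow ACL' ordering from the question."""
    prios = [r["priority"] for r in records]
    return [dict(r, priority=p) for r, p in zip(records, reversed(prios))]


if __name__ == "__main__":
    for recs in (DAP_RECORDS, swap_priorities(DAP_RECORDS)):
        order = [r["name"] for r in sorted(recs, key=lambda r: -r["priority"])]
        print(order, "10.1.1.10 ->", decide(recs, "10.1.1.10"),
              "| 10.9.9.9 ->", decide(recs, "10.9.9.9"))
```

With the permit ACL first, the named servers are reachable and the rest of 10/8 is blocked; with the deny ACL first, the broad deny matches before the specific permits and the servers are blocked, which is the symptom reported above.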
