We have an ASA 5505 and it's configured to use a FreeRADIUS server that authenticates against OpenLDAP. I'm trying to configure Dynamic Access Policies to restrict access based upon what group a user belongs to. In LDAP I have an attribute called vpnaccess with values "systems" and "common". I've created an LDAP Attribute Map mapping the vpnaccess to 'Cisco IETF-Radius-Class', and mapped the two attribute values to Cisco Attribute Values. I think this is where I get hung up. I created a DAP policy with an AAA Attribute: Radius.25 = vpnAccess. When I connect it doesn't select my DAP policy but falls through and selects the DfltAccessPolicy, which I have configured to terminate the connection.
In ASDM under DAP I run "Test Dynamic Access Policies..." and it selects the correct DAP policy "CiscoMapPolicy", but when I use a client it runs the DfltAccessPolicy.
LUA session data tables:
endpoint.application.clienttype = AnyConnect
aaa.radius.25 = vpnAccess
aaa.radius.1 = vpnAccess
aaa.radius.4242 = vpnAccess
aaa.cisco.username = user-name
aaa.cisco.tunnelgroup = TGIVPN
aaa.ldap.memberOf = systems
aaa.ldap.vpnAccess = systems
Selected DAP records
The DAP policy contains the following attributes for user: