Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
5
Replies

Prelogin Configuration / Host Scan

Go to solution
MaDe
Level 1
Level 1

‎09-10-2012 05:22 AM

Good day Community,

I configured Anyconnect and Clientless VPN successfully on our ASA 5510.
Now I will assign a Prelogin Policy and DAP. But I struggle of managing Clientless and Anyconnect polices.

The senario is very simple....

check if the client is in the domain example.local

if yes establish a Anyconnect session
if not go to the SSL portal.

Is there anyway to setup this with the prelogin policy?

Thanks for your Feedback!
Brgds Markus

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9

‎09-10-2012 06:00 AM

Hi Markus,

You need to configure the pre-login policy and apply it to a DAP. Then in the DAP specify the access method:

DAP.bmp

Keep me posted.

Portu.

Please rate any post you find useful.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Javier Portuguez
Level 9
Level 9

‎09-10-2012 06:00 AM

Hi Markus,

You need to configure the pre-login policy and apply it to a DAP. Then in the DAP specify the access method:

DAP.bmp

Keep me posted.

Portu.

Please rate any post you find useful.

0 Helpful

Go to solution
MaDe
Level 1
Level 1
In response to Javier Portuguez

‎09-10-2012 06:33 AM

Hi Portu,

ok so you mean I have to configure only the domain check in the prelogin ploicy. And then I select what to do in the DAP Access Method -> if yes -> AnyConnect

                        -> if no -> Webportal

Correct ?

Brgds Markus

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to MaDe

‎09-10-2012 06:40 AM

Hi Markus,

That is correct.

Portu.

Please rate any post you find useful.

0 Helpful

Go to solution
MaDe
Level 1
Level 1
In response to Javier Portuguez

‎09-10-2012 07:09 AM

Ok thanks. So if I have two groups e.g. sales and marketing, I have to create four DAP rules.

Sales     -> anyconnect

             -> clientless

Marketing -> anyconnect

               -> clientless

Brgds Markus

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to MaDe

‎09-10-2012 07:23 AM

Hi,

The how, depends on you.

I would suggest to have only two, one for AnyConnect and another one for WebVPN.

Then you can define a specific criteria which includes both profiles and the specific pre-login policy.

Let me know.

Portu.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents