cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1059
Views
5
Helpful
11
Replies

DAP vs cut through proxy

Amadou TOURE
Level 1
Level 1

Hello,

I've configured, in my ASA 5550, cut through proxy with IAS/AD for internal users browsing the Internet and the feature works well.

As soon as I deployed the remote access VPN config which's working with DAP, the cut though proxy stopped working.

Users got error message (error:Dynamic access policy not continue.

How can I disable http request handling by DAP, I want to use DAP and cut though proxy separately.

Thanks for your hints

11 Replies 11

Ivan Martinon
Level 7
Level 7

This is Odd, DAP asks you to choose the application that it will be used for, in your case IPSEC, did you choose this application?

Hi,

For now I removed all policies and I just have the default Access policy and there's no application for it.

Thank you.

So is it working now or not?

you have to configure the default action to continue to make it work.

when you configure the default action to terminate the error message is displayed.

Do you have a link or a document that explain how to configure DAP without interfering with cut through proxy ?

Thank you.

Yes, and DAP has a default action enabled by default which action is to continue, I don't think there are docs explaining how to integrate both but again using the application type you can restrict it to

cut-through or IPSEC.

https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Thank you...I'll remake my test based on your suggestions.

Best regards

Hello,

I want to use DAP with a ipsec VPN client and whenever I create a dynamic policy in CSM, I receive a message asking to activate CSD.

How can I use DAP without CSD ?

Thanks

I have not done it via CSM before, are you on the right section?

Yes, CSM 3.2.1 allow you to configure DAP but not the 3.2 version.

How to configure the application in ASDM ? I didn't see a field for the application.

ASDM 6.0 should have it under SVC Anyconnect section for remote access, but worry not that does not mean it applies anything to the SVC or anyconnect just seems they find no better place to put it, there is another section which I don't have on top of my head right now.

OK, I'll test it and let you know.

thank you very much

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: