Smart tunnel access using a dynamic access policy

Unanswered Question
Mar 5th, 2009
User Badges:

Is there a way to define a smart tunnel list to a specific dynamic access policy.

I need to tunnel different applications depending upon the group users are assigned to within AD. Since the DAP seems to use the DftGrpPolicy, I do not want to define the smart tunnel list on that policy since it would hand it out to all users, but I have been unable to find where this can be added.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owillins Wed, 03/11/2009 - 14:54
User Badges:
  • Silver, 250 points or more

Dynamic access policies (DAP), a new feature introduced in software release v8.0 code of the Adaptive Security Appliance (ASA), enable you to configure authorization that addresses the dynamics of VPN environments. You create a dynamic access policy by setting a collection of access control attributes that you associate with a specific user tunnel or session. These attributes address issues of multiple group membership and endpoint security.

williamelkin Thu, 05/14/2009 - 07:38
User Badges:

Have you figured this out. I am tring to do the same thing.

rluyster Thu, 05/14/2009 - 08:24
User Badges:

Sorry to say, but no, I finally set it up to start all the STs on the default policy, not the best solution, but at least it works.

gabrielcossette Fri, 08/05/2011 - 09:07
User Badges:


I'm also trying to do the same thing on the latest ASA 8.4 without success.

Anyone knows if Cisco is planning to add that feature later on?



This Discussion