Smart tunnel access using a dynamic access policy

Unanswered Question
Mar 5th, 2009

Is there a way to define a smart tunnel list to a specific dynamic access policy.

I need to tunnel different applications depending upon the group users are assigned to within AD. Since the DAP seems to use the DftGrpPolicy, I do not want to define the smart tunnel list on that policy since it would hand it out to all users, but I have been unable to find where this can be added.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owillins Wed, 03/11/2009 - 14:54

Dynamic access policies (DAP), a new feature introduced in software release v8.0 code of the Adaptive Security Appliance (ASA), enable you to configure authorization that addresses the dynamics of VPN environments. You create a dynamic access policy by setting a collection of access control attributes that you associate with a specific user tunnel or session. These attributes address issues of multiple group membership and endpoint security.

rluyster Thu, 05/14/2009 - 08:24

Sorry to say, but no, I finally set it up to start all the STs on the default policy, not the best solution, but at least it works.

gabrielcossette Fri, 08/05/2011 - 09:07


I'm also trying to do the same thing on the latest ASA 8.4 without success.

Anyone knows if Cisco is planning to add that feature later on?



This Discussion