DAP rule for ezvpn remote

Unanswered Question
Dec 14th, 2009
User Badges:

Hi,


I am currently using ezvpn for branch office and remote access and I have a plan to deploy SSL vpn.

The device i use is ASA5510.


At the same time i deploy SSL vpn, I will start using DAP.


My question is what kind of DAP rule i should create for ezvpn remote.


I fould out the way for ezvpn client in the thread below.

(select "application" endpoint attribute type and set the "client type" to "IPsec".)


https://supportforums.cisco.com/thread/255314;jsessionid=9D14A1315618488A914DE8DB621470A3.node0?tstart=-1


Does this work with ezvpn remote as well?


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
taroyamada9999 Thu, 12/17/2009 - 18:41
User Badges:

I think I need to give some additiona information.


Since I currently do not use DAP, ezvpn remote and client is allowed to communicate by default DAP record which is DfltAccessPolicy.

After depolying SSL VPN, I would like to use DfltAccessPolicy to block the session. (like an "implicit deny all" in ACL)

I belive usually DfltAccessPolicy is used in this way..


That means I need to create another DAP rule for ezvpn remote and client to prevent being blocked.


My question is what kind of attribute I need to look at to allow ezvpn remote.


Thanks in advance.

Actions

This Discussion