I'm trying to figure out how to migrate from IPSec to AnyConnect. I have successfully configured AnyConnect to work, although not the way I'd like. With IPSec I'd have one profile for all of our staff and separate individual profiles for vendors that needed certain access to servers or other networks. Since we started looking at AnyConnect we enabled LDAP on the ASA. My question is how can I assign a single user an ACL which only allows them access to one server or device? I created a DAP but I only see where I can add AD groups, not individual users.
No, license has nothing to do with the issue. License will allow you only 2 concurrent SSL connections at the moment.
Looks like you are matching on LDAP.username on the DAP policy. Please match on "Cisco" username, instead of "LDAP" username on the DAP policy.
From DAP, you can use "AAA Attribute Type": Cisco, and match on "Username".
Alternatively, you can place the user into a different LDAP group, and configure a different group-policy for the specific access.
Hope it helps.
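The second suggestion above (a dedicated LDAP group mapped to its own group-policy with a restrictive ACL) as an added ASA configuration example, not part of the original post or the answer. Every name in it is assumed: the ACL and group-policy names, the server address 10.10.20.15, the LDAP server 10.10.1.10 and the AD group DN are placeholders to replace with your own.

```cisco
! Assumed example: restrict one vendor to RDP on a single server.
! The vpn-filter ACL is evaluated with the VPN client as the source,
! so "any" here means "this user's assigned pool address".
access-list VENDOR_ACME_ACL extended permit tcp any host 10.10.20.15 eq 3389
access-list VENDOR_ACME_ACL extended deny ip any any

! Group-policy that carries the filter; only AnyConnect (SSL) allowed.
group-policy GP_VENDOR_ACME internal
group-policy GP_VENDOR_ACME attributes
 vpn-tunnel-protocol ssl-client
 vpn-filter value VENDOR_ACME_ACL

! Map the AD group's memberOf DN onto that group-policy.
! Users who are not in a mapped group fall back to the tunnel-group default.
ldap attribute-map LDAP_GROUP_MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Vendor-ACME,OU=Groups,DC=example,DC=com" GP_VENDOR_ACME

! Attach the map to the existing LDAP server definition (hypothetical name).
aaa-server LDAP_SERVERS (inside) host 10.10.1.10
 ldap-attribute-map LDAP_GROUP_MAP
```

After the user logs in, `show vpn-sessiondb anyconnect filter name <user>` should list `GP_VENDOR_ACME` as the group policy and `VENDOR_ACME_ACL` as the filter; if the default policy shows instead, check with `debug ldap 255` that the memberOf value returned by AD matches the map-value DN exactly. Because a user can belong to several AD groups, keep each vendor in exactly one mapped group, otherwise which group-policy wins depends on the order in which memberOf values are returned.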