I am configuring cisco ASA anyconnect with AD authentication. Problem is that when I put user into the AD Group and than map this AD group to connection profile using DAP (Dynamic Access Policy) user can authenticate successfully and vpn is connected. When I put user to AD group "Test1" and than that group "Test1" I put to AD group "Test2" and map "Test2" group to connection profile using DAP user can't authenticate and vpn is terminated.
I don't if cisco ASA can authenticated user when user is in group and that group is in another group. Maybe there should be some additional configuration.
If you faced similar situation, please help me.