Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

DAP vs cut through proxy

Hello,

I've configured, in my ASA 5550, cut through proxy with IAS/AD for internal users browsing the Internet and the feature works well.

As soon as I deployed the remote access VPN config which's working with DAP, the cut though proxy stopped working.

Users got error message (error:Dynamic access policy not continue.

How can I disable http request handling by DAP, I want to use DAP and cut though proxy separately.

Thanks for your hints

11 REPLIES

Re: DAP vs cut through proxy

This is Odd, DAP asks you to choose the application that it will be used for, in your case IPSEC, did you choose this application?

Community Member

Re: DAP vs cut through proxy

Hi,

For now I removed all policies and I just have the default Access policy and there's no application for it.

Thank you.

Re: DAP vs cut through proxy

So is it working now or not?

Community Member

Re: DAP vs cut through proxy

you have to configure the default action to continue to make it work.

when you configure the default action to terminate the error message is displayed.

Do you have a link or a document that explain how to configure DAP without interfering with cut through proxy ?

Thank you.

Re: DAP vs cut through proxy

Yes, and DAP has a default action enabled by default which action is to continue, I don't think there are docs explaining how to integrate both but again using the application type you can restrict it to

cut-through or IPSEC.

https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Community Member

Re: DAP vs cut through proxy

Thank you...I'll remake my test based on your suggestions.

Best regards

Community Member

Re: DAP vs cut through proxy

Hello,

I want to use DAP with a ipsec VPN client and whenever I create a dynamic policy in CSM, I receive a message asking to activate CSD.

How can I use DAP without CSD ?

Thanks

Re: DAP vs cut through proxy

I have not done it via CSM before, are you on the right section?

Community Member

Re: DAP vs cut through proxy

Yes, CSM 3.2.1 allow you to configure DAP but not the 3.2 version.

How to configure the application in ASDM ? I didn't see a field for the application.

Re: DAP vs cut through proxy

ASDM 6.0 should have it under SVC Anyconnect section for remote access, but worry not that does not mean it applies anything to the SVC or anyconnect just seems they find no better place to put it, there is another section which I don't have on top of my head right now.

Community Member

Re: DAP vs cut through proxy

OK, I'll test it and let you know.

thank you very much

612
Views
5
Helpful
11
Replies
CreatePlease to create content