Dynamic access policy ACL not being applied to user
Trying to set up a dynamic access policy to restrict some users from being able to get on VPN. Our default policy allows everybody on VPN, we just need to exclude a small number of contractors. I created an AD group called NoVPN & put a new test user into it (testnovpn).
I created a new dynamic access policy & set the ldap.MemberOf = NoVpn (which is an Active Directory group) & then to terminate.
But this user can still connect to VPN. Config looks like the following & the ASA is able to query for LDAP groups just fine if I click edit.
Debug attached, I don't see any reference to the LDAP group?
When you go to dynamic access policies in ASDM is your NoVPN ACL at the top of the list (highest ACL priority)? These get processed in order and if your user is in both groups the first will be taken and the rest ignored.
Also, is your default policy at the bottom of this list deny access?