Anyconnect VPN and DAP

cowetacoit
Level 1

I'm trying to figure out how to migrate from IPSec to Anyconnect. I have successfully configured Anyconnect to work, although not the way I'd like. With IPSec I'd have 1 profile for all of our staff and separate individual profiles for vendors that needed certain access to servers or other networks. Since we started looking at Anyconnect we enabled LDAP on the ASA. My question is: how can I assign a single user an ACL which only allows them access to one server or device? I created a DAP but I only see where I can add AD groups, not individual users.

18 Replies

Thanks for the info, but that didn't seem to work either. I can't get the username to associate with the DAP. It just goes straight to the default DAP. Do I need to do any attribute mapping or anything else in AD? Also, I only have the 2 licenses for the SSL VPN client. We're waiting on the license order to go through. Would that have anything to do with it?

No, license has nothing to do with the issue. License will allow you only 2 concurrent SSL connections at the moment.

Looks like you are matching on LDAP.username on the DAP policy. Please match on "Cisco" username, instead of "LDAP" username on the DAP policy.

Awesome... got it working now. Thanks guy!

triw
Level 1

Does anyone have experience with DAP with Cisco ISE as RADIUS? I need to exempt some users from Always-On VPN.
