Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - anyconnected using dap - secured routes?

All,

  I am trying to configure dynamic access policies on a ASA 5050 running 9.4.1., using split tunnelling. While I can see the acl being applied is being applied as I am using split tunnelling what I am looking to achieve is also the same acl being applied by dap to be applied to the split tunnelling/secured routes. The goal is to only route the traffic being allowed by the dap acl via the anyconnect vpn connection.

All the examples for dap do not appear to touch on the split tunnelling/secured routes - can anyone advise

 

  1. Is it possible to have the split tunnelling/secured routes built dynamically from the acl being applied by dap?
  2. If so can someone share an example config (or steps via the asdm) to achieve this?
  3. If this is not possible are there any suggested workarounds/alternatives to achieve this.

thanks in advance

Matt

1 REPLY
New Member

For anyone that does come

For anyone that does come across this post looking for the solution unfortunately it appears that cisco have not addressed this and has been around since 2007 ish. Seems like a fundamental flaw in dap (especially as it them appears to always select the default grp policy so you cannot even select a different group policy based on the dap results - unless anyone can correct me here)

 

https://supportforums.cisco.com/discussion/11202696/split-tunneling-based-dynamic-access-policy?tstart=2640

https://tools.cisco.com/bugsearch/bug/CSCsi54718

9
Views
0
Helpful
1
Replies
CreatePlease login to create content