Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dap connection type

Dear all,

we have some users who use umts to connect to our vpn service. the big problem we have is when they are in othercoutries and the get a windows update. is there a way to use dap and "see" the connection type?

or does someone have an other solution?

regards,

gerard

4 REPLIES
Cisco Employee

Re: dap connection type

Hi Gerard,

I don't think DAP (or any other ASA feature) can detect what kind of internet access is being used.

But I'm not sure I understand what the problem is that you wanted to solve that way, can you please clarify?

tnx

H

New Member

Re: dap connection type

Dear Herbert,

the problem we have is that when people are working in other countries and they are using their umts device, we don't want them to get windows update if they are connected via vpn. this because the data costs per mb are very high.

Regards,

Gerard

Cisco Employee

Re: dap connection type

Hi Gerard,

ok, I guess there is not really an easy way to achieve this.

The closest things I can think of are:

1/

IF you enable CSD (Cisco Secure Desktop - a licensed feature) and

IF the users always connect from the same ISP (or limited set of ISPs) and you can find out which IP range that ISP uses.

Then you can define a "pre-login-policy" that matches on IP address of the client, and use that "location" in a DAP policy.

2/

You could create a seperate Tunnel-group (connection profile in ASDM terms) and tell the users to use that group when they connect from abroad.

Probably not entirely what you wanted, but maybe it helps?

Herbert

New Member

Re: dap connection type

Herbert,

I didn't think about a second tunnel group which you can choose, the only problem I can think of is that our acs sends out the group policy and this seems to overrule the tunnel group settings

Regards,

Gerard

213
Views
3
Helpful
4
Replies