Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
1
Replies

DAP rule for ezvpn remote

taroyamada9999
Level 1
Level 1

‎12-14-2009 08:57 PM

Hi,

I am currently using ezvpn for branch office and remote access and I have a plan to deploy SSL vpn.

The device i use is ASA5510.

At the same time i deploy SSL vpn, I will start using DAP.

My question is what kind of DAP rule i should create for ezvpn remote.

I fould out the way for ezvpn client in the thread below.

(select "application" endpoint attribute type and set the "client type" to "IPsec".)

https://supportforums.cisco.com/thread/255314;jsessionid=9D14A1315618488A914DE8DB621470A3.node0?tstart=-1

Does this work with ezvpn remote as well?

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

taroyamada9999
Level 1
Level 1

‎12-17-2009 06:41 PM

I think I need to give some additiona information.

Since I currently do not use DAP, ezvpn remote and client is allowed to communicate by default DAP record which is DfltAccessPolicy.

After depolying SSL VPN, I would like to use DfltAccessPolicy to block the session. (like an "implicit deny all" in ACL)

I belive usually DfltAccessPolicy is used in this way..

That means I need to create another DAP rule for ezvpn remote and client to prevent being blocked.

My question is what kind of attribute I need to look at to allow ezvpn remote.

Thanks in advance.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents