Cisco Support Community
New Member

DAP with Client and AnyConnect

Creating dynamic access policies. Right now I'm just running a simple one - if specific AntiVirus defs are less than 7 days old, allow. DfltAccessPolicy set to terminate. This works fine when using AnyConnect. However, when I use the Cisco client (on the same PC), it fails every time (413 Authentication Failure). I'm assuming it's hitting the DfltAccessPolicy, but it's not hitting the EndPoint attribute. If I change the Dflt to continue, vs terminate, then I can get in with the client. Anyone know if both the Cisco Client and AnyConnect can work together when using DAP?

Thanks,

Brian

4 REPLIES

Re: DAP with Client and AnyConnect

Can you turn on the debugs "debug dap trace 1" and "debug crypto isakmp 15" and paste the output here? Also, can you tell me if on DAP you chose any specific application to which this policy is applied?

New Member

Re: DAP with Client and AnyConnect

There's no application for the DAP, just checking for Symantec Antivirus and definition dates (which is on the PC I'm testing with).

I'll add the traces as attachments (too large for the post). First one is with the client failing, second with AnyConnect passing.

Thanks

Re: DAP with Client and AnyConnect

Mhhh, it seems to me that, based on these debugs, the ASA is unable to retrieve this information from the IPSec client, so I wonder if this is supported for the IPSec client itself. You might want to check the release notes or get a TAC case opened for confirmation.

New Member

Re: DAP with Client and AnyConnect

That's kind of what I thought. Thanks for looking into it. I'll follow up with TAC.
