Hello everybody,
our customer uses a Firepower 2101 running an ASA OS 9.10(1)44 and has many Dynamic Access Policies (DAC) for their business partners.
He created a new AD Group and a new DAC and specified a new Group Policy for this new business partner named Pavis (see attached screen dump).
The login is working for a test user of this group, but AnyConnect is using a different Group Policy (GroupPolicy_Bionorica_SE_EXTERN) than the one specified (GroupPolicy_Bionorica_SE_EXTERN_Pavis) in the DAC. So the IP address pool is wrong and the ACLs don't meet their requirements.
I assume that the reason for this misbehaviour is not on the ASA but on the AD.
My question is: What could cause the usage of the wrong Group Policy even if the right one is specified in the DAC, and where do I need to check this?
Attached you find the configuration.
Every hint is welcome!!!
Thanks a lot!
Bye
R.