Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
0
Replies

ASA: AnyConnect uses wrong Group Policy when using DAC

swscco001
Level 3
Level 3

‎10-27-2021 07:25 AM

Hello everybody,

 

our customer uses a Firepower 2101 running a ASA OS 9.10(1)44 and has many Dynamic Access Policies (DAC) for their business partners.

 

He created a new AD Group and a new DAC and specifies a new Group Policy for this new business partner named Pavis (see attached screen dump).

 

The login is working for a test-user of this group but AnyConnect is using another Group Policy (GroupPolicy_Bionorica_SE_EXTERN) as specifies (GroupPolicy_Bionorica_SE_EXTERN_Pavis) in the DAC. So the IP-Address pool is wrong and the ACLs dont't meet their requirements.

I assume that the reason for this misbehaviour in not on the ASA but on the AD.

 

My Question is: What could cause the usage of the wrong Group Policy even if the right one is specified in the DAC and where I need to check this?

 

Attached you find the configuration.

 

Every hint is welcome!!!

Thanks a lot!



Bye

R.

Preview file
92 KB
Preview file
101 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card