
ASA 5520 - VPN Default Policy

Status
Not open for further replies.

luckybob34

IS-IT--Management
Aug 20, 2008
8
US
I have configured my VPN information and use my Active Directory for authentication and group policy access. On the initial group I have a default policy in place to deny users access if they are not mapped to a policy from an Active Directory group. The only problem is that the policy blocks all traffic even if the user authenticates to a group with access rights. I want to be able to deny all traffic for users who are not matched up with a proper VPN group set up through Active Directory and ASA group policy.

ex.
Active Directory Group: VPN_ALL_ACCESS
LDAP attribute map to Group Policy: ALL_ACCESS

When signing on I get the correct banner, but because the default policy lists no access (split tunnel) the ALL_ACCESS group does not override this.

Thanks for the help
 
I seem to have fixed my own issue, or should I say there was no issue to fix. The default policy was being overwritten by the group policy; I had other issues preventing connectivity through the VPN.

Everything is working now.
 