How does group-policy inheritance work for a Cisco ASA?

Question

I don't have a lab ASA to confirm this and reading through the Cisco docs left me less then %100 sure.

What I really want to know is if I pull an attribute from a group-policy will it then be replaced by what is already setup in the DfltGrpPolicy?

Here is a good example:

group-policy DfltGrpPolicy attributes
 dns-server value 1.1.1.1

group-policy BLAH-VPN attributes
 dns-server value 5.5.5.5

if I then remove the dns-server statment from BLAH-VPN will that group then use the value set in DfltGrpPolicy?

score 5 · Accepted Answer · answered May 29 '13 at 19:36

5

if I then remove the dns-server statment from BLAH-VPN will that group then use the value set in DfltGrpPolicy?

Yes, the dns-server value it inherits from DfltGrpPolicy takes over as long as BLAH-VPN is still defined

answered May 29 '13 at 19:36

Mike Pennington

1 Answers1