70-22
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Configuring Endpoint Attributes Used in DAPs
Step 4 Check the Platform Version check box and set the operation field to be equal to (=), not equal to (!=),
less than (<), greater than (>), less than or equal to (<=), or greater than or equal to (>=) the operating
system version number you then specify in the Platform Version field.
If you want to create a DAP record that contains this attribute, be sure to also specify a Platform in the
previous step.
Step 5 If you selected the Platform checkbox and selected the Apple iOS or Android platform, you can check
the Device Type checkbox. Set the operation field to be equal to (=) or not equal to (!=) the mobile device
you then select in the Device Type field.
When you specify Android in the Platform field, you can pick from a list of supported
Android devices in the Device Type field. When you specify Apple iOS in the Platform field, you
can pick from a list of supported Apple devices in the Device Type field. In both cases, the proper
Android or Apple iOS device type information is substituted for the device type you choose from the list
box.
If you have a supported device which is not listed in the Device Type field, you can enter the Android or
Apple iOS device type information in the Device Type field. The most reliable way to obtain the device
type information is to install the AnyConnect client on the endpoint and perform a DAP Trace. In the
DAP trace results, look for the value of endpoint.anyconnect.devicetype. That is the value that you
need to enter in the Device Type field.
Step 6 If you selected the Platform checkbox and selected the Apple iOS or Android platform, you can check
the Device Unique ID checkbox. Set the operation field to be equal to (=) or not equal to (!=) the mobile
device’s unique ID you then specify in the Device Unique ID field.
The Device Unique ID distinguishes individual devices, allowing you to set policies for a particular
mobile device. To obtain a device’s unique ID, you will need the device to connect to the ASA and
perform a DAP trace. See Performing a DAP Trace, page 70-36 for more information.
Step 7 Click OK.
Step 8 Return to Configuring Dynamic Access Policies, page 70-10.
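The DAP trace lookup described in Steps 5 and 6, as an added example that is not part of the Cisco guide: it pulls the AnyConnect attribute values out of saved trace output so they can be entered in the Device Type and Device Unique ID fields, and it refuses a trace that mixes more than one device. The two line layouts it accepts, the function names, the sample trace values, and the platform, platformversion and deviceuniqueid attribute names are assumptions; only endpoint.anyconnect.devicetype is named in the guide text above.

```python
import re

# devicetype is named in the guide; the other attribute names are assumed
# to appear in the same trace under endpoint.anyconnect.
WANTED = ("platform", "platformversion", "devicetype", "deviceuniqueid")

# Assumed line layouts (trace formatting differs between ASA releases):
#   endpoint.anyconnect.devicetype = "iPad2,1"
#   endpoint["anyconnect"]["devicetype"] = "iPad2,1"
ATTR_RE = re.compile(
    r'endpoint(?:\.anyconnect\.|\["anyconnect"\]\[")'
    r'(?P<name>[a-z]+)(?:"\])?\s*=\s*"(?P<value>[^"]*)"'
)

def extract_anyconnect_attrs(trace_text):
    """Return {attribute: [distinct values, in order seen]} for WANTED."""
    found = {name: [] for name in WANTED}
    for line in trace_text.splitlines():
        m = ATTR_RE.search(line)
        if not m or m.group("name") not in found:
            continue
        value = m.group("value")  # kept verbatim; device types contain commas
        if value not in found[m.group("name")]:
            found[m.group("name")].append(value)
    return found

def dap_field_values(trace_text):
    """One value per attribute, None if absent; error if the trace is mixed."""
    fields = {}
    for name, values in extract_anyconnect_attrs(trace_text).items():
        if len(values) > 1:
            raise ValueError(f"{name}: trace covers several devices: {values}")
        fields[name] = values[0] if values else None
    return fields

# Constructed sample, not captured from a real ASA.
SAMPLE_TRACE = '''\
DAP_TRACE: endpoint.anyconnect.clientversion = "3.0.00000"
DAP_TRACE: endpoint.anyconnect.platform = "apple-ios"
DAP_TRACE: endpoint.anyconnect.platformversion = "4.3.5"
DAP_TRACE: endpoint["anyconnect"]["devicetype"] = "iPad2,1"
DAP_TRACE: endpoint.anyconnect.deviceuniqueid = "CONSTRUCTED-ID-0001"
'''

if __name__ == "__main__":
    for field, value in dap_field_values(SAMPLE_TRACE).items():
        print(f"{field:16} {value}")
```

Copy the extracted values into the DAP fields exactly as traced, because an equal to (=) match on Device Type or Device Unique ID depends on the full string.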
Additional References
See Endpoint Attribute Definitions, page 70-29 for additional information on the AnyConnect endpoint
attribute requirements.
Adding a File Endpoint Attribute to a DAP
Prerequisites
Configuring File endpoint attributes as selection criteria for DAP records is part of a larger process.
Read Configuring Dynamic Access Policies, page 70-10 before you configure File endpoint
attributes.
Before configuring a File endpoint attribute, define the file for which you want to scan in the Host
Scan window for Cisco Secure Desktop. In ASDM, select Configuration > Remote Access VPN >
Secure Desktop Manager > Host Scan. Click Help on that page for more information.