Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Guide to Creating DAP Logical Expressions using LUA
Example:
EVAL(endpoint.os.version, "EQ", "Windows XP", "string")

Constructing DAP EVAL Expressions

Study these examples for help in creating logical expressions in Lua.

This endpoint expression tests for a match on CLIENTLESS OR CVC client types:
(EVAL(endpoint.application.clienttype, "EQ", "CLIENTLESS") or
EVAL(endpoint.application.clienttype, "EQ", "CVC"))

This endpoint expression tests for Norton Antivirus versions 10.x but excludes 10.5.x:
(EVAL(endpoint.av["NortonAV"].version, "GE", "10", "version") and
(EVAL(endpoint.av["NortonAV"].version, "LT", "10.5", "version") or
EVAL(endpoint.av["NortonAV"].version, "GE", "10.6", "version")))

The DAP CheckAndMsg Function

CheckAndMsg is a Lua function that you can configure DAP to call. It generates a user message based
on a condition.
You use ASDM to configure CheckAndMsg through the Advanced field in DAP. The ASA displays the
message to the user only when the DAP record containing the Lua CheckAndMsg function is selected
and results in a clientless SSL VPN or AnyConnect termination.
The syntax of the CheckAndMsg function follows:

<attribute>     AAA attribute or an attribute returned from Cisco Secure Desktop; see
                Table 70-1 and Table 70-3 for attribute definitions
<comparison>    One of the following strings (quotation marks required):
                "EQ"    equal
                "NE"    not equal
                "LT"    less than
                "GT"    greater than
                "LE"    less than or equal
                "GE"    greater than or equal
<value>         A string in quotation marks that contains the value to compare the
                attribute against
<type>          One of the following strings (quotation marks required):
                "string"      case-sensitive string comparison
                "caseless"    case-insensitive string comparison
                "integer"     number comparison, converts string values to numbers
                "hex"         number comparison using hexadecimal values, converts hex
                              string to hex numbers
                "version"     compares versions of the form X.Y.Z, where X, Y, and Z are
                              numbers
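
To check an expression such as the Norton AntiVirus one before placing it in a DAP record, the comparison and type strings listed above can be emulated offline. The following is an added example, not Cisco's code and not part of the original guide: this EVAL is a stand-in written for testing, and it assumes that an omitted type means "string", that a missing attribute fails every comparison, and that missing version components count as 0. The endpoint table and sample versions are constructed.

```lua
-- Offline stand-in for EVAL (assumption-based emulation, not the ASA's own code).
-- Assumed: omitted type means "string"; nil attribute is never a match;
-- missing version components count as 0 (so "10" compares like "10.0.0").
local function cmp_version(a, b)
  local pa, pb = {}, {}
  for n in a:gmatch("%d+") do pa[#pa + 1] = tonumber(n) end
  for n in b:gmatch("%d+") do pb[#pb + 1] = tonumber(n) end
  for i = 1, math.max(#pa, #pb) do
    local x, y = pa[i] or 0, pb[i] or 0
    if x ~= y then return x < y and -1 or 1 end
  end
  return 0
end

local function cmp_plain(a, b)
  if a == nil or b == nil then return nil end  -- number conversion failed
  if a == b then return 0 end
  return a < b and -1 or 1
end

local COMPARE = {
  string   = function(a, b) return cmp_plain(a, b) end,
  caseless = function(a, b) return cmp_plain(a:lower(), b:lower()) end,
  integer  = function(a, b) return cmp_plain(tonumber(a), tonumber(b)) end,
  hex      = function(a, b) return cmp_plain(tonumber(a, 16), tonumber(b, 16)) end,
  version  = cmp_version,
}
local TEST = {
  EQ = function(c) return c == 0 end, NE = function(c) return c ~= 0 end,
  LT = function(c) return c < 0 end,  GT = function(c) return c > 0 end,
  LE = function(c) return c <= 0 end, GE = function(c) return c >= 0 end,
}

function EVAL(attribute, comparison, value, kind)
  if attribute == nil then return false end
  local c = COMPARE[kind or "string"](tostring(attribute), tostring(value))
  if c == nil then return false end
  return TEST[comparison](c)
end

-- Constructed endpoint data: run the guide's Norton expression over sample versions.
for _, v in ipairs({ "9.9", "10.0.1", "10.4.9", "10.5", "10.5.3", "10.6", "11.2" }) do
  local endpoint = { av = { NortonAV = { version = v } } }
  local ok = EVAL(endpoint.av["NortonAV"].version, "GE", "10", "version") and
             (EVAL(endpoint.av["NortonAV"].version, "LT", "10.5", "version") or
              EVAL(endpoint.av["NortonAV"].version, "GE", "10.6", "version"))
  print(v, ok and "match" or "no match")
end
```

Under these assumptions the expression rejects 10.5 and 10.5.3 as intended, and it also matches 11.2 because it sets no upper bound on the version; add an "LT" test against "11" if only 10.x should pass.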