31-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Configuring Dynamic Access Policies
Step 4 Specify a priority for the DAP record. The security appliance applies access policies in the order you set
here, with the highest number having the highest priority.
Step 5 Enter a description for the DAP record.
Step 6 In the Main tab, configure the DAP attributes and the type of remote access method supported by the
DAP system on your security appliance. For a detailed description of the elements on this tab, see
Table 31-5 on page 31-13.
a. Click Create below the table, or select a DAP entry in the table and click Edit. The Add/Edit DAP
Entry dialog box opens. For a description of the elements on this dialog box, see Add/Edit DAP
Entry Dialog Box, page 31-19.
For a full description of the procedure to define the DAP attributes, see Configuring DAP Attributes,
page 31-7.
b. Select the type of remote access permitted by the DAP system.
c. Select the Network ACL tab to select and configure network ACLs to apply to this DAP record.
This tab is available only if you selected an access method other than Web Portal.
d. Select the WebType ACL tab to select and configure Web-type ACLs to apply to this DAP record.
This tab is available only if you selected an access method other than AnyConnect Client.
e. Select the Functions tab to configure file server entry and browsing, HTTP proxy, and URL entry
for the DAP record.
This tab is available only if you selected an access method other than AnyConnect Client.
f. Select the Port Forwarding tab to select and configure port forwarding lists for user sessions.
This tab is available only if you selected an access method other than AnyConnect Client.
g. Select the URL List tab to select and configure URL lists for user sessions.
This tab is available only if you selected an access method other than AnyConnect Client.
h. Select the Action tab to configure the type of remote access permitted.
This tab is available for all types of access methods.
Step 7 Select the Logical Operators tab to create multiple instances of each type of endpoint attribute. For a
description of the elements on this tab, see Table 31-21 on page 31-37.
Step 8 Select the Advanced Expressions tab to set additional attributes for the DAP using free-form Lua. For
a description of the elements on this tab, see Table 31-22 on page 31-39.
Step 9 Click OK.
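The following is an added example, not part of the Cisco guide or of Security Manager: a small pre-deployment lint that checks a set of DAP record definitions against the tab availability rules in Step 6 and lists the records in the priority order from Step 4. The dictionary layout, field names, record names and the duplicate-priority check are assumptions made for this example.

```python
# Added example: lint DAP record definitions before deployment.
# Record layout and field names are hypothetical, not a Security Manager export format.

# Tabs that Step 6 (c-g) makes unavailable for a given access method.
UNAVAILABLE = {
    "Web Portal": {"network_acl"},
    "AnyConnect Client": {"webtype_acl", "functions", "port_forwarding", "url_list"},
}

def lint_dap(records):
    """Return (names in priority order, findings) for a list of DAP record dicts."""
    findings, seen = [], {}
    for rec in records:
        name, method = rec["name"], rec["access_method"]
        # A populated tab that the access method does not expose will not be applied as intended.
        for tab in sorted(UNAVAILABLE.get(method, set())):
            if rec.get(tab):
                findings.append(f"{name}: '{tab}' set but unavailable for '{method}'")
        if not rec.get("description"):
            findings.append(f"{name}: missing description (Step 5)")
        # Lint policy chosen for this example: flag equal priorities for review.
        first = seen.setdefault(rec["priority"], name)
        if first != name:
            findings.append(f"{name}: priority {rec['priority']} also used by {first}")
    # Step 4: the highest number has the highest priority.
    ordered = sorted(records, key=lambda r: r["priority"], reverse=True)
    return [r["name"] for r in ordered], findings

# Constructed sample records (names and ACL/list names are made up).
SAMPLE = [
    {"name": "Contractors", "priority": 10, "access_method": "Web Portal",
     "description": "Clientless contractor access",
     "network_acl": ["CONTRACTOR-NET"], "url_list": ["ContractorLinks"]},
    {"name": "Employees", "priority": 20, "access_method": "AnyConnect Client",
     "description": "Full-tunnel staff access",
     "network_acl": ["EMP-NET"], "port_forwarding": ["LegacyApps"]},
    {"name": "Admins", "priority": 20, "access_method": "AnyConnect Client",
     "description": "", "network_acl": ["ADMIN-NET"]},
]

if __name__ == "__main__":
    order, findings = lint_dap(SAMPLE)
    print("Priority order:", " > ".join(order))
    for f in findings:
        print("FINDING:", f)
```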
Understanding DAP Attributes
DAP records include all of the attributes that you configure. These can include AAA attributes, endpoint
attributes, and access policies as configured in network and web-type ACL filters, port forwarding lists, and
URL lists.
DAP and AAA Attributes