31-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Configuring Dynamic Access Policies
Step 1 Do one of the following:
(Device view) With an ASA device selected, select Remote Access VPN > Dynamic Access from
the Policy selector.
(Policy view) Select Remote Access VPN > Dynamic Access (ASA) from the Policy Type selector.
Select an existing policy or create a new one.
The Dynamic Access page opens. For a description of the elements on this page, see Dynamic Access
Page (ASA), page 31-10.
Step 2 Click Create on the Dynamic Access policy page, or select the row of a policy in the table on the page,
and click Edit.
The Add/Edit Dynamic Access Policy dialog box opens, displaying the Main tab. For a description of
the elements on the Main tab, see Main Tab, page 31-13.
Step 3 Click Create below the table, or select a DAP entry in the table and click Edit. The Add/Edit DAP Entry
dialog box opens. For a description of the elements on this dialog box, see Add/Edit DAP Entry Dialog
Box, page 31-19.
Step 4 Select the attribute type from the Criterion list, then enter the appropriate values. The dialog box values
vary based on your selection. Options are:
AAA Attributes Cisco; see Table 31-6 on page 31-21.
AAA Attributes LDAP; see Table31-7 on page 31-23.
AAA Attributes RADIUS; see Table31-8 on page 31-23.
Anti-Spyware; see Table 31-9 on page 31-24.
Anti-Virus; see Table31-10 on page 31-26.
AnyConnect Identity; see Table 31-11 on page 31-27.
Application; see Table31-12 on page 31-28.
Device; see Table 31-13 on page 31-29.
File; see Table 31-14 on page 31-29.
NAC; see Table31-15 on page 31-31.
Operating System; see Table 31-16 on page 31-31.
Personal Firewall; see Table31-17 on page 3 1-32.
Policy; see Table31-18 on page 31-33.
Process; see Table 31-19 on page31-34.
Registry; see Table 31-20 on page31-35.
Step 5 Click OK.
Configuring Cisco Secure Desktop Policies on ASA Devices
Cisco Secure Desktop (CSD) provides a reliable means of eliminating all traces of sensitive data by
providing a single, secure location for session activity and removal on the client system. CSD provides
a session-based interface where sensitive data is shared only for the duration of an SSL VPN session.