31-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Content Values of the AAA and endpoint attributes criteria that the security
appliance uses for selecting and applying a dynamic access policy
record during session establishment. Attribute values that you
configure here override authorization values in the AAA system,
including those in existing group policy, tunnel group, and default
group records.
Create button Click this button to configure AAA and endpoint attributes as selection
criteria for the DAP record. See Add/Edit DAP Entry Dialog Box,
page 31-19.
Edit button Click this button to edit the selected dynamic access policy. See
Add/Edit DAP Entry Dialog Box, page 31-19.
Delete button Click this button to delete the selected dynamic access policies.
Access Method Specify the type of remote access permitted:
Unchanged—Continue with the current remote access method.
AnyConnect Client—Connect using the Cisco AnyConnect VPN Client.
Web Portal—Connect with clientless VPN.
Both default Web Portal—Connect via either clientless or the AnyConnect client, with a default of clientless.
Both default AnyConnect Client—Connect via either clientless or the AnyConnect client, with a default of AnyConnect.
Network ACL tab—Lets you select and configure network ACLs to apply to this dynamic access
policy. An ACL for a dynamic access policy can contain permit or deny rules, but not both. If an ACL
contains both permit and deny rules, the security appliance rejects it.
Network ACL Lists the Access Control Lists (ACLs) that will be used to restrict user
access to the SSL VPN.
Click the Select button to open the Access Control Lists Selector from
which you can make your selection. The ACL contains conditions that
describe a traffic stream of packets, and actions that describe what
should occur based on those conditions. Only ACLs having all permit
or all deny rules are eligible.
WebType ACL tab—Lets you select and configure web-type ACLs to apply to this dynamic access
policy. An ACL for a dynamic access policy can contain only permit rules or only deny rules. If an ACL contains
both permit and deny rules, the security appliance rejects it.
Web Type ACL Specifies the WebType access control list that will be used to restrict
user access to the SSL VPN.
Click the Select button to open the Access Control Lists Selector from
which you can make your selection. Only ACLs having all permit or all
deny rules are eligible.
Functions tab—Lets you configure file server entry and browsing, HTTP proxy, and URL entry for the
dynamic access policy.
Table 31-5 Add/Edit Dynamic Access Policy Dialog Box > Main Tab (Continued)
Element Description
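
The Network ACL and WebType ACL rows above both state that only ACLs with all permit or all deny rules are eligible for a dynamic access policy. The following is an added example, not part of the Cisco guide or Security Manager: a pre-check that reads ACL entries in ASA CLI access-list form and reports which ACLs mix permit and deny. The ACL names, addresses, URLs and the function name audit_dap_acls are constructed for illustration, and it assumes network ACLs appear as extended entries.

```python
import re
from collections import defaultdict

# Constructed sample of ASA ACL configuration lines (not taken from the guide).
SAMPLE_CONFIG = """\
access-list DAP_NET_ALLOW remark constructed sample: permit-only network ACL
access-list DAP_NET_ALLOW extended permit tcp any host 192.0.2.10 eq 443
access-list DAP_NET_ALLOW extended permit tcp any host 192.0.2.11 eq 22
access-list DAP_NET_MIXED extended permit ip any 198.51.100.0 255.255.255.0
access-list DAP_NET_MIXED extended deny ip any any
access-list DAP_WEB_BLOCK webtype deny url https://intranet.example.com/hr/*
access-list DAP_WEB_MIXED webtype permit url https://wiki.example.com/*
access-list DAP_WEB_MIXED line 2 webtype deny url any
"""

# access-list <name> [line N] <extended|webtype> <permit|deny> ...
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:line\s+\d+\s+)?"
    r"(?P<kind>extended|webtype)\s+(?P<action>permit|deny)\b"
)

def audit_dap_acls(config_text):
    """Return {acl_name: {"kind", "actions", "dap_eligible"}} for each ACL found."""
    acls = defaultdict(lambda: {"kind": None, "actions": set()})
    for raw in config_text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:  # remark lines, blank lines and unrelated config are skipped
            continue
        entry = acls[m["name"]]
        entry["kind"] = m["kind"]
        entry["actions"].add(m["action"])
    report = {}
    for name, entry in acls.items():
        report[name] = {
            "kind": entry["kind"],
            "actions": sorted(entry["actions"]),
            # Rule stated in the guide: all permit or all deny, never both.
            "dap_eligible": len(entry["actions"]) == 1,
        }
    return report

if __name__ == "__main__":
    for name, info in audit_dap_acls(SAMPLE_CONFIG).items():
        status = "eligible" if info["dap_eligible"] else "not eligible (mixed permit/deny)"
        print(f"{name:15} {info['kind']:9} {','.join(info['actions']):12} {status}")
```
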