31-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Add/Edit DAP Entry Dialog Box
Use the Add/Edit DAP Entry dialog box to specify the authorization attributes and endpoint attributes
for a dynamic access policy. The security appliance selects the dynamic access policy based on the
endpoint security information of the remote device and the AAA authorization information for the
authenticated user. It then applies the dynamic access policy to the user tunnel or session.
For detailed information about dynamic access policy attributes, see Understanding DAP Attributes,
page 31-3.
The content of the dialog box differs based on the criterion that you select. The criterion is the
authorization or endpoint attribute that the security appliance uses to select and apply dynamic
access policies during session establishment. You can select from the following criteria:
• AAA Attributes Cisco—Refers to user authorization attributes that are stored in the AAA
  hierarchical model. See Add/Edit DAP Entry Dialog Box > AAA Attributes Cisco, page 31-20.
• AAA Attributes LDAP—The LDAP client stores all native LDAP response attribute value pairs
  in a database associated with the AAA session for the user. See Add/Edit DAP Entry Dialog Box >
  AAA Attributes LDAP, page 31-22.
• AAA Attributes RADIUS—The RADIUS client stores all native RADIUS response attribute
  value pairs in a database associated with the AAA session for the user. See Add/Edit DAP Entry
  Dialog Box > AAA Attributes RADIUS, page 31-23.
• Anti-Spyware—Creates an endpoint attribute of type Anti-Spyware. You can use the Host Scan
  modules of Cisco Secure Desktop to scan for antispyware applications and updates that are running
  on the remote computer. See Add/Edit DAP Entry Dialog Box > Anti-Spyware, page 31-24.
• Anti-Virus—Creates an endpoint attribute of type Anti-Virus. You can use the Host Scan modules
  of Cisco Secure Desktop to scan for antivirus applications and updates that are running on the
  remote computer. See Add/Edit DAP Entry Dialog Box > Anti-Virus, page 31-25.
• AnyConnect Identity—Creates an endpoint attribute of type AnyConnect Identity. See Add/Edit
  DAP Entry Dialog Box > AnyConnect Identity, page 31-26.
• Application—Indicates the type of remote access connection. See Add/Edit DAP Entry Dialog Box
  > Application, page 31-27.
Table 31-5 Add/Edit Dynamic Access Policy Dialog Box > Main Tab (Continued)

Element: User Message
Description: Enter a text message to display on the portal page when this DAP record
is selected. Maximum 128 characters. A user message displays as a
yellow orb. When a user logs on, it blinks three times to attract attention,
and then it is still. If several DAP records are selected, and each of them
has a user message, all user messages display.

Note: You can include URLs or other embedded text in such messages,
which requires that you use the correct HTML tags.

For example: All contractors please read
<a href='http://wwwin.abc.com/procedure.html'>Instructions</a>
for the procedure to upgrade your antivirus software.
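
A simplified model of the selection described on this page, added here as an illustration and not Cisco's code or the appliance's actual algorithm: each record carries AAA and endpoint criteria, every record the session satisfies is selected, and each selected record's user message is shown. The record names, attribute names, sample session and the exact-match rule are assumptions made for the example.

```python
# Added illustration: simplified model of DAP record selection.
# Record names, attribute names and values are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class DapRecord:
    name: str
    aaa: dict = field(default_factory=dict)       # AAA authorization criteria
    endpoint: dict = field(default_factory=dict)  # endpoint (Host Scan) criteria
    user_message: str = ""

    def matches(self, session_aaa, session_endpoint):
        # Assumption: a record matches only when every criterion it lists
        # equals the session's value; a missing attribute never matches.
        return (all(session_aaa.get(k) == v for k, v in self.aaa.items())
                and all(session_endpoint.get(k) == v
                        for k, v in self.endpoint.items()))


def select_records(records, session_aaa, session_endpoint):
    """Return every record whose AAA and endpoint criteria the session meets."""
    return [r for r in records if r.matches(session_aaa, session_endpoint)]


def portal_messages(selected):
    """Every selected record that has a user message contributes it."""
    return [r.user_message for r in selected if r.user_message]


# Constructed sample policy set and session attributes.
RECORDS = [
    DapRecord("Contractors", aaa={"ldap.memberOf": "Contractors"},
              user_message="Contractors: limited portal access applies."),
    DapRecord("NoAntivirus", endpoint={"av.present": False},
              user_message="Install antivirus software to gain full access."),
    DapRecord("Employees", aaa={"ldap.memberOf": "Employees"},
              endpoint={"av.present": True}),
]
SESSION_AAA = {"ldap.memberOf": "Contractors", "radius.class": "vpn-users"}
SESSION_ENDPOINT = {"av.present": False, "application": "AnyConnect"}

if __name__ == "__main__":
    chosen = select_records(RECORDS, SESSION_AAA, SESSION_ENDPOINT)
    print("Selected records:", [r.name for r in chosen])
    for message in portal_messages(chosen):
        print("Portal message:", message)
```
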