31-23
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Field Reference
Add/Edit DAP Entry Dialog Box > AAA Attributes RADIUS
The RADIUS client stores all native RADIUS response attribute value pairs in a database associated with
the AAA session for the user. The RADIUS client writes the response attributes to the database in the
order in which it receives them. It discards all subsequent attributes with that name. This scenario might
occur when a user record and a group record are both read from the RADIUS server. The user record
attributes are read first, and always have priority over group record attributes.
Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select AAA Attributes RADIUS as the Criterion.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page31-7
Configuring Dynamic Access Policies, page 31-2
Field Reference
Table31-7 Add/Edit DAP Entry Dialog Box > AAA Attributes LDAP
Element Description
Criterion Shows AAA Attributes LDAP as the selection criterion.
Attribute ID Specify the name of the LDAP attribute map in the dynamic access
policy. LDAP attribute maps take the attribute names that you define
and map them to Cisco-defined attributes. A maximum of 64 characters
is allowed.
Value Select the matching criteria (for example, is) from the drop-down list,
and enter the custom map value that maps to a Cisco Map Value or enter
the Cisco map value that maps to the Custom Map Value.
The attribute map is populated with value mappings that apply
customer, user-defined attribute values to the customer attribute name
and to the matching Cisco attribute name and value.
Table31-8 Add/Edit DAP Entry Dialog Box > AAA Attributes RADIUS
Element Description
Criterion Shows AAA Attributes RADIUS as the selection criterion.