31-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Add/Edit DAP Entry Dialog Box > Anti-Spyware
You can use the Host Scan feature of the Cisco Secure Desktop feature to enable Endpoint Assessment,
a scan for antivirus, personal firewall, and antispyware applications and updates that are running on the
remote computer. Following the configuration of the prelogin policies and host scan options, you can
configure a match of any one or any combination of the Host Scan results to assign a dynamic access
policy following the user login.
Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select Anti-Spyware as the Criterion.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page31-7
Configuring Dynamic Access Policies, page 31-2
Field Reference
Attribute ID Specify the name of the RADIUS attribute name or number in the
dynamic access policy. A maximum of 64 characters is allowed.
RADIUS attribute names do not contain the cVPN3000 prefix to better
reflect support for all three security appliances (VPN 3000, PIX, and
the ASA). The appliances enforce the RADIUS attributes based on
attribute numeric ID, not attribute name. LDAP attributes are enforced
by their name, not by the ID.
Value Select the matching criteria (for example, is) from the drop-down list,
and enter the attribute value.
Table31-8 Add/Edit DAP Entry Dialog Box > AAA Attributes RADIUS (Continued)
Element Description
Table31-9 Add/Edit DAP Entry Dialog Box > Anti-Spyware
Element Description
Criterion Shows Anti-Spyware as the selection criterion.