31-39
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Advanced Expressions Tab
Use the Advanced Expressions tab of the Add/Edit Dynamic Access Policy dialog box to set additional
attributes for the dynamic access policy. You can configure multiple instances of each type of endpoint
attribute. Be aware that this is an advanced feature that requires knowledge of LUA (www.lua.org).
Note For detailed information about advanced expressions, see About Advanced Expressions for AAA or
Endpoint Attributes and Examples of DAP Logical Expressions.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12, then click the Advanced
Expressions tab.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page31-7
Configuring Dynamic Access Policies, page 31-2
Field Reference
Registry Registry key scans apply only to computers running Windows
Microsoft Windows operating systems. Basic Host Scan ignores
registry key scans if the computer is running Mac OS or Linux.
Select one of the following options if you defined Registry as an
endpoint attribute:
Match Any—Set to require that user authorization attributes
match any of the values in the Antivirus endpoint attributes you are
configuring.
Match All—Set to require that user authorization attributes match
all of the values in the endpoint attributes you are configuring, as
well as satisfying the AAA attribute.
Table31-21 Add/Edit Dynamic Access Policy Dialog Box > Logical Operations Tab (Continued)
Element Description
Table31-22 Add/Edit Dynamic Access Policy Dialog Box > Advanced Expressions Tab
Element Description
Basic Expressions This text box is populated with basic expressions based on the endpoint
and AAA attributes that you configured in the dynamic access policy.