Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
31-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Configuring Dynamic Access Policies
All session information is encrypted, and all traces of the session data are removed from the remote
client when the session is terminated, even if the connection terminates abruptly. This ensures that
cookies, browser history, temporary files, and downloaded content do not remain on a system.
When the session closes, CSD overwrites and removes all data using a U.S. Department of Defense
(DoD) sanitation algorithm to provide endpoint security protection.
Note A complete explanation of the capabilities and configuration of the Cisco Secure Desktop program is
beyond the scope of this document. For information about configuring CSD, and what CSD can do for
you, see the materials available online at
http://www.cisco.com/en/US/products/ps6742/tsd_products_support_configure.html. Select the
configuration guide for the CSD version you are configuring.
This procedure describes how to configure the Cisco Secure Desktop feature on an ASA device.
Before You Begin
Make sure a connection profile policy has been configured on the device. See Configuring
Connection Profiles (ASA, PIX 7.0+), page 30-6.
Related Topics
Understanding and Managing SSL VPN Support Files, page 29-5
Step 1 Do one of the following:
(Device view) With an ASA device selected, select Remote Access VPN > Dynamic Access from
the Policy selector.
(Policy view) Select Remote Access VPN > Dynamic Access (ASA) from the Policy Type selector.
Select an existing policy or create a new one.
The Dynamic Access page opens. For a description of the elements on this page, see Dynamic Access
Page (ASA), page 31-10.
Step 2 In the Cisco Secure Desktop section, select Enable CSD to enable CSD on the ASA device.
Step 3 In the CSD Package field, specify the name of the File Object that identifies the Cisco Secure Desktop
package you want to upload to the device. Click Select to select an existing File Object or to create a
new one. For more information, see Add and Edit File Object Dialog Boxes, page 33-25.
Note The package version must be compatible with the ASA operating system version. When you
create a local policy in Device view, the Version field indicates the CSD package version you
should select. (The version is included in the package file name. For example,
securedesktop-asa_k9-3.3.0.118.pkg is CSD version 3.3.0.118.) When you create a shared
policy in Policy view, the Version field indicates the version of the CSD file you selected. For
more information on version compatibility, see Understanding and Managing SSL VPN Support
Files, page 29-5.
Step 4 (Optional) In the Hostscan Package field, specify the name of the File Object that identifies the Host
Scan package you want to upload to the device. Click Select to select an existing File Object or to create
a new one. For more information, see Add and Edit File Object Dialog Boxes, page 33-25.
Step 5 Click Configure to open the Cisco Secure Desktop Manager (CSDM) Policy Editor that lets you
configure CSD on the security appliance. This application is independent of Security Manager; read the
CSD documentation cited above for an explanation of how to use the policy editor.