Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
31-31
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page 31-7
Configuring Dynamic Access Policies, page 31-2
Field Reference
Add/Edit DAP Entry Dialog Box > Operating System
The prelogin assessment includes a check for the OS attempting to establish a VPN connection. When
the user attempts to connect, however, Cisco Secure Desktop checks for the OS, regardless of whether
you insert an OS prelogin check.
If the prelogin policy assigned to the connection has Secure Desktop (Secure Session) enabled and if the
remote PC is running Microsoft Windows XP or Windows 2000, it installs Secure Session, regardless of
whether you insert an OS prelogin check. If the prelogin policy has Secure Desktop enabled and the
operating system is Microsoft Windows Vista, Mac OS X 10.4, or Linux, Cache Cleaner runs instead.
Therefore, you should make sure the Cache Cleaner settings are appropriate for a prelogin policy on
which you have configured Secure Desktop or Cache Cleaner to install. Although Cisco Secure Desktop
checks for the OS, you may want to insert an OS prelogin check as a condition for applying a prelogin
policy to isolate subsequent checks for each OS.
Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select Operating System as the Criterion.
Related Topics
Understanding DAP Attributes, page 31-3
Configuring DAP Attributes, page 31-7
Configuring Dynamic Access Policies, page 31-2
Field Reference
Table 31-15 Add/Edit DAP Entry Dialog Box > NAC
Element Description
Criterion Shows NAC as the selection criterion.
Posture Status Select the matching criteria (for example, is) from the drop-down list,
then enter the posture token string received from ACS.
Table 31-16 Add/Edit DAP Entry Dialog Box > Operating System
Element Description
Criterion Shows Operating System as the selection criterion.