Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

31-32

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)

Dynamic Access Page (ASA)

Add/Edit DAP Entry Dialog Box > Personal Firewall

You can click Host Scan in the Cisco Secure Desktop interface to enable Endpoint Assessment, a scan

for personal firewalls that are running on the remote computer. Most, but not all, personal firewall

programs support active scan, which means that the programs are memory-resident, and therefore always

running.

Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint

attributes, the security appliance always selects it since all selection criteria are satisfied.

Navigation Path

Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then

click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry

dialog box is displayed. Select AAA Attributes Cisco as the Criterion.

Related Topics

• Understanding DAP Attributes, page 31-3

• Configuring DAP Attributes, page 31-7

• Configuring Dynamic Access Policies, page 31-2

Field Reference

OS Version Select the check box, then select the matching criteria (for example, is)

from the drop-down list, and select the OS version from the list. Select

Apple Plugin for iPhones and similar devices.

Service Pack Select the check box, then select the matching criteria (for example, is)

from the drop-down list, and select the service pack for the operating

system.

Table 31-16 Add/Edit DAP Entry Dialog Box > Operating System (Continued)

Element Description

Table 31-17 Add/Edit DAP Entry Dialog Box > Personal Firewall

Element Description

Criterion Shows Personal Firewall as the selection criterion.

Type Select one of the following options and assign the associated values:

• Not Installed—Select if the absence of the named personal

firewall from the remote PC is sufficient to match the prelogin

policy you are configuring.

• Installed and enabled—Select if the named personal firewall must

be present and enabled on the remote PC to match the prelogin

policy you are configuring.

• Installed and disabled—Select if the mere presence of the named

personal firewall on the remote PC is sufficient to match the

prelogin policy you are configuring.

Vendor Name Select the text that describes the application vendor from the list.

previous next