Filter
Top Products
31-34
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Add/Edit DAP Entry Dialog Box > Process
You can specify a set of process names, which form a part of Basic Host Scan. The host scan, which
includes Basic Host Scan and Endpoint Assessment, or Advanced Endpoint Assessment; occurs after the
prelogin assessment but before the assignment of a dynamic access policy. Following the Basic Host
Scan, the security appliance uses the login credentials, the host scan results, prelogin policy, and other
criteria you configure to assign a DAP.
Note Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it since all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12 with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select Process as the Criterion.
Related Topics
• Understanding DAP Attributes, page 31-3
• Configuring DAP Attributes, page 31-7
• Configuring Dynamic Access Policies, page 31-2
Field Reference
Table 31-19 Add/Edit DAP Entry Dialog Box > Process
Element Description
Criterion Shows Process as the selection criterion.
Type Select one of the following options and assign the associated values:
• Matches—Select if the mere presence of the named process on the
remote PC is sufficient to match the prelogin policy you are
configuring.
• Doesn’t Match—Select if the absence of the named process from
the remote PC is sufficient to match the prelogin policy you are
configuring.
Endpoint ID A string that identifies an endpoint for files, processes or registry
entries. Dynamic access policies use this ID to match Cisco Secure
Desktop host scan attributes for dynamic access policy selection. You
must configure Host Scan before you configure this attribute. When
you configure Host Scan, the configuration displays in this pane, so you
can select it, reducing the possibility of errors in typing or syntax.