Filter
Top Products
31-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
• You are configuring the Match Any/Match All operation within each endpoint type. The security
appliance evaluates each type of endpoint attribute, and then performs a logical AND operation on
all of the configured endpoints. That is, each user must satisfy the conditions of ALL of the
endpoints you configure, as well as the AAA attributes.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box, page 31-12, then click the Logical Operations
tab.
Related Topics
• Understanding DAP Attributes, page 31-3
• Configuring DAP Attributes, page 31-7
• Configuring Dynamic Access Policies, page 31-2
Field Reference
Table 31-21 Add/Edit Dynamic Access Policy Dialog Box > Logical Operations Tab
Element Description
AAA Select one of the following options if you defined the AAA attribute in
the dynamic access policy:
• Match Any—Creates an OR relationship among the attributes.
Attributes matching any of your criteria are included in the filter.
The security appliance grants access to a particular user for a
particular session even if any one of the attributes is matching all
your criteria.
• Match All—Creates an AND relationship among the attributes.
The security appliance grants access to a particular user for a
particular session only if the attributes are matching all your
criteria.
• Match None—Creates a NOT relationship among the attributes.
The dynamic access policy specifies that none of the attributes of
the user need to match to be granted access to a session.
Anti-Spyware Select one of the following options if you defined Anti-Spyware as an
endpoint attribute:
• Match Any—Creates an OR relationship among the attributes.
Policies matching any instance of your criteria are used to
authorize users.
• Match All—Creates an AND relationship among the attributes.
Only those attributes matching all your criteria are used to
authorize users.