Cisco ASA 5505 Configuration Manual page 1429


Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 65-5
Chapter 65: Configuring Dynamic Access Policies
Understanding VPN Access Policies

AAA Attribute Definitions

Table 65-1 defines the AAA selection attribute names that are available for DAP use. The Attribute Name field shows you how to enter each attribute name in a Lua logical expression, which you might do in the Advanced section of the Add/Edit Dynamic Access Policy pane.

Table 65-1 AAA Selection Attributes for DAP Use

| Attribute Type | Attribute Name | Source | Value | Max String Length | Description |
|---|---|---|---|---|---|
| Cisco | aaa.cisco.grouppolicy | AAA | string | 64 | Group policy name on the adaptive security appliance or sent from a Radius/LDAP server as the IETF-Class (25) attribute |
| Cisco | aaa.cisco.ipaddress | AAA | number | - | Assigned IP address for full tunnel VPN clients (IPsec, L2TP/IPsec, SSL VPN AnyConnect) |
| Cisco | aaa.cisco.tunnelgroup | AAA | string | 64 | Connection profile (tunnel group) name |
| Cisco | aaa.cisco.username | AAA | string | 64 | Name of the authenticated user (applies if using Local authentication/authorization) |
| LDAP | aaa.ldap.<label> | LDAP | string | 128 | LDAP attribute value pair |
| RADIUS | aaa.radius.<number> | RADIUS | string | 128 | Radius attribute value pair |

See Security Appliance Supported RADIUS Attributes and Values for a table that lists RADIUS attributes that the security appliance supports.

DAP and Endpoint Security

The adaptive security appliance obtains endpoint security attributes by using posture assessment methods that you configure. These include Cisco Secure Desktop and NAC. For details, see the Cisco Secure Desktop section of ASDM. Table 65-2 identifies each of the remote access protocols DAP supports, the posture assessment tools available for that method, and the information that tool provides.

Table 65-2 DAP Posture Assessment

| Remote Access Protocol | Cisco Secure Desktop (returns files information, registry key values, running processes, operating system) | Host Scan (returns antivirus, antispyware, and personal firewall software information) | NAC (returns NAC status) | Cisco NAC Appliance (returns VLAN Type and VLAN IDs) |
|---|---|---|---|---|
| IPsec VPN | —¹ | — | X | X |
| Cisco AnyConnect VPN | X | X | X | X |
| Clientless VPN | X | X | — | — |
| PIX Cut-through Proxy | — | — | — | — |

1. — indicates no; X indicates yes.
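
An added illustration (not from the Cisco guide) of a selection check written against the attribute names in Table 65-1, run as stand-alone Lua over constructed `aaa` tables. The profile name, the LDAP label `memberOf`, the OU and the helper functions are assumptions; the check rejects missing or over-length attributes and compares strings literally, because `-` is a quantifier in Lua patterns.

```lua
-- Added example: stand-alone Lua, not ASA/ASDM code. The `aaa` tables below are
-- constructed stand-ins for the attributes named in Table 65-1.
local MAX_LEN = { cisco = 64, ldap = 128, radius = 128 }  -- limits from Table 65-1

-- Return a string attribute, or nil if it is missing, not a string, empty,
-- or longer than the documented maximum, so a bad value can never match.
local function attr(aaa, source, name)
  local v = aaa[source] and aaa[source][name]
  if type(v) ~= "string" or #v == 0 or #v > MAX_LEN[source] then return nil end
  return v
end

-- True when dn ends with suffix on an RDN boundary (case-insensitive).
-- Plain string comparison is used because "-" is magic in Lua patterns.
local function has_dn_suffix(dn, suffix)
  dn, suffix = dn:lower(), suffix:lower()
  if #dn < #suffix or dn:sub(-#suffix) ~= suffix then return false end
  return #dn == #suffix or dn:sub(-#suffix - 1, -#suffix - 1) == ","
end

local PROFILE = "Employees"                         -- hypothetical connection profile
local ADMIN_OU = "OU=VPN-Admins,DC=example,DC=com"  -- hypothetical LDAP container

-- Hypothetical selection rule: right connection profile AND LDAP membership.
local function selects(aaa)
  local profile = attr(aaa, "cisco", "tunnelgroup")
  local member = attr(aaa, "ldap", "memberOf")      -- "memberOf" is an assumed <label>
  if not (profile and member) then return false end
  return profile == PROFILE and has_dn_suffix(member, ADMIN_OU)
end

local sessions = {  -- constructed sample sessions
  { cisco = { tunnelgroup = "Employees", username = "alice" },
    ldap = { memberOf = "CN=NetOps,OU=VPN-Admins,DC=example,DC=com" } },
  { cisco = { tunnelgroup = "Employees", username = "bob" } },  -- no LDAP data
  { cisco = { tunnelgroup = "Employees", username = "carol" },
    ldap = { memberOf = "CN=Temps,OU=VPAdmins,DC=example,DC=com" } },
  { cisco = { tunnelgroup = "Employees", username = "dave" },
    ldap = { memberOf = "CN=Temps,NOTOU=VPN-Admins,DC=example,DC=com" } },
}

for _, s in ipairs(sessions) do
  local m = s.ldap and s.ldap.memberOf or ""
  -- Naive check for comparison: treats ADMIN_OU as a Lua pattern.
  local naive = string.find(m, ADMIN_OU) ~= nil
  print(s.cisco.username, "strict=" .. tostring(selects(s)), "naive=" .. tostring(naive))
end
```

The naive column shows the pattern pitfall: with `-` read as a quantifier, the unescaped OU string fails to match the intended group and matches the look-alike `OU=VPAdmins` instead.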
