Chapter 65
Configuring Dynamic Access Policies
OL-20339-01

Note: If you must use Advanced mode, we recommend that you use EVAL expressions whenever possible for reasons of clarity, which makes verifying the program straightforward.

EVAL(<attribute>, <comparison>, {<value> | <attribute>}, [<type>])

<attribute>    AAA attribute or an attribute returned from Cisco Secure Desktop, see Table 65-1 and Table 65-3 for attribute definitions

<comparison>   One of the following strings (quotation marks required)
               "EQ"        equal
               "NE"        not equal
               "LT"        less than
               "GT"        greater than
               "LE"        less than or equal
               "GE"        greater than or equal

<value>        A string in quotation marks that contains the value to compare the attribute against

<type>         One of the following strings (quotation marks required)
               "string"    case-sensitive string comparison
               "caseless"  case-insensitive string comparison
               "integer"   number comparison, converts string values to numbers
               "hex"       number comparison using hexadecimal values, converts hex string to hex numbers
               "version"   compares versions of the form X.Y.Z. where X, Y, and Z are numbers

Example:
EVAL(endpoint.os.version, "EQ", "Windows XP", "string")

Constructing DAP EVAL Expressions

Study these examples for help in creating logical expressions in Lua.

• This endpoint expression tests for a match on CLIENTLESS OR CVC client types:
  (EVAL(endpoint.application.clienttype,"EQ","CLIENTLESS") or
  EVAL(endpoint.application.clienttype, "EQ","CVC"))

• This endpoint expression tests for Norton Antivirus versions 10.x but excludes 10.5.x:
  (EVAL(endpoint.av["NortonAV"].version, "GE", "10","version") and
  (EVAL(endpoint.av["NortonAV"].version,"LT", "10.5", "version") or
  EVAL(endpoint.av["NortonAV"].version, "GE", "10.6", "version")))
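The sketch below is an added example, not code from the Cisco guide: an offline Lua stand-in for EVAL, limited to the "version" type, that runs the Norton Antivirus expression above unchanged against constructed version strings so the range logic can be checked before it is deployed. The names parse_version, cmp_version and norton_policy, the treatment of a missing version component as 0, and the handling of a nil attribute are assumptions, not documented ASA behaviour.

```lua
-- Offline stand-in for the ASA's built-in EVAL(), limited to the "version"
-- type. An assumption modeled on the parameter table, not Cisco's code.
local function parse_version(s)
  local parts = {}
  for n in tostring(s):gmatch("%d+") do parts[#parts + 1] = tonumber(n) end
  return parts
end

-- Returns -1, 0 or 1. Assumption: a missing component counts as 0,
-- so "10" compares equal to "10.0.0".
local function cmp_version(a, b)
  local x, y = parse_version(a), parse_version(b)
  for i = 1, math.max(#x, #y) do
    local l, r = x[i] or 0, y[i] or 0
    if l ~= r then return l < r and -1 or 1 end
  end
  return 0
end

-- One predicate per <comparison> string, applied to the -1/0/1 result.
local TEST = {
  EQ = function(c) return c == 0 end, NE = function(c) return c ~= 0 end,
  LT = function(c) return c < 0 end,  GT = function(c) return c > 0 end,
  LE = function(c) return c <= 0 end, GE = function(c) return c >= 0 end,
}

local function EVAL(attr, op, value, typ)
  assert(typ == "version", "this sketch models only the version type")
  if attr == nil then return false end -- assumption: absent attribute never matches
  return assert(TEST[op], "unknown comparison")(cmp_version(attr, value))
end

-- The Norton expression from the page, pasted unchanged.
local function norton_policy(endpoint)
  return (EVAL(endpoint.av["NortonAV"].version, "GE", "10","version") and
         (EVAL(endpoint.av["NortonAV"].version,"LT", "10.5", "version") or
          EVAL(endpoint.av["NortonAV"].version, "GE", "10.6", "version")))
end

-- Constructed sample versions, including both edges of the excluded range.
for _, v in ipairs({ "9.9", "10.0", "10.4.9", "10.5", "10.5.3", "10.6", "11.0" }) do
  local endpoint = { av = { NortonAV = { version = v } } }
  print(v, norton_policy(endpoint))
end
```

The expression sets no upper bound on the major version, so under these comparison semantics a version such as 11.0 also satisfies it; a policy meant to admit 10.x only needs an additional "LT" term against "11".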
Cisco ASA 5500 Series Configuration Guide using ASDM
Understanding VPN Access Policies