Cisco 5520 - ASA IPS Edition Bundle Configuration Manual page 53

Chapter 5 Setting Up CSD for Microsoft Windows Clients
Note
Always use Success Group-Policy if you want to apply the default WebVPN group policy to any
•
remote client matched to this location.
This option is the default group-based policy setting. If you click this radio button, CSDM dims the
attributes in the Criteria area; you cannot change other settings on this tab. Your configuration of a
group-based policy ends with this step.
Use Success Group-Policy if criteria match if you want to apply the following group policy to the
•
remote client matched to this location:
–
–
Note
If you click this radio button, CSDM activates the check boxes in the criteria area.
Note
Continue with the following steps.
Check Location Module if you want to require the presence of Secure Desktop or Cache Cleaner as a
Step 3
criterion for assigning the success group policy, then choose the module to require: Secure Desktop or
Cache Cleaner.
Note
Check Anti-Virus, Anti-Spyware, Firewall, and OS if you want to require their presence as conditions
Step 4
for assigning the success group policy.
If you enable more than one category, the end user's computer must pass in each category to pass the
System Detection check. An "AND" relationship is present among the enabled categories.
The options within each category have an "OR" relationship. For example, you can specify that any one
of a list of antivirus software programs be running, and even if you have checked all of them as possible
candidates, having just one of them running is enough to satisfy the antivirus software requirement.
The security categories are as follows:
OL-8607-02
If you click this radio button, change the alternative group policy setting for the WebVPN
tunnel group to a group policy that has access rights that are different than the default group
policy. To do so, choose the Configuration > VPN > General > Tunnel Group >
Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change the policy assigned
to the Alternative group policy attribute to apply a policy to all clients who match this
location.
WebVPN default group policy if the client PC satisfies the criteria specified on this tab.
WebVPN failure group policy if the client PC fails to satisfy the criteria specified on this tab.
If you click this radio button, choose the Configuration > VPN > General >
Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change
the policy assigned to the Alternative group policy attribute to apply a policy to clients that
fail to satisfy the criteria.
A "Use Success Group-Policy if criteria match," setting without criteria is equivalent to
"Always use Success Group-Policy."
If the feature you choose is not active, the client fails the VPN feature policy criteria check.
Configuring the Secure Desktop for Clients that Match Location Criteria
Cisco Secure Desktop Configuration Guide
5-15