Chapter 65
Configuring Dynamic Access Policies
•
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit AAA Attributes
Figure 65-4
OL-20339-01
Delete—Click to delete the selected bookmark from the URL list area. You cannot delete a
–
bookmark from the adaptive security appliance unless you first delete it from DAP records.
Access Method Tab—Lets you configure the type of remote access permitted.
Unchanged—Continue with the current remote access method.
–
AnyConnect Client—Connect using the Cisco AnyConnect VPN Client.
–
Web-Portal—Connect with clientless VPN.
–
Both-default-Web-Portal—Connect via either clientless or the AnyConnect client, with a
–
default of clientless.
Both-default-AnyConnect Client—Connect via either clientless or the AnyConnect client, with
–
a default of AnyConnect.
AnyConnect Tab—Lets you choose the status of the Always-on VPN flag.
Always-On VPN for AnyConnect client—Determine if the always-on VPN flag setting in the
–
AnyConnect service profile is unchanged, disabled, or if the AnyConnect profile setting should
be used.
Note
This parameter requires a release of the Cisco IronPort Web Security appliance that
provides Secure Mobility Solution licensing support for the Cisco AnyConnect VPN
client. It also requires an AnyConnect release that supports "Secure Mobility Solution"
features. Refer to the Cisco AnyConnect VPN Client Administrator Guide for additional
information.
Security Context
Transparent Single
•
•
shows the Add AAA Attribute dialog box.
Multiple
Context
System
—
—
Cisco ASA 5500 Series Configuration Guide using ASDM
Understanding VPN Access Policies
65-15