Cisco ASA 5505 Configuration Manual page 1444

Understanding VPN Access Policies
Figure 65-6
Endpoint attributes contain information about the endpoint system environment, posture assessment
results, and applications. The adaptive security appliance dynamically generates a collection of endpoint
attributes during session establishment, and stores these attributes in a database associated with the
session. There is no limit for the number of endpoint attributes for each DAP record.
Each DAP record specifies the endpoint selection attributes that must be satisfied for the adaptive
security appliance to select it. The adaptive security appliance selects only DAP records that satisfy
every condition configured.
For detailed information about Endpoint attributes, see
To configure endpoint attributes as selection criteria for DAP records, in the Add/Edit Endpoint Attribute
dialog box, set components. These components change according to the attribute type you select.
Fields
Endpoint Attribute Type—Choose from the drop-down list the endpoint attribute you want to set.
•
Options include Antispyware, Antivirus, Application, File, NAC, Operating System, Personal
Firewall, Process, Registry, VLAN, and Priority.
Endpoint attributes include these components, but not all attributes include all components. The
following descriptions show (in parentheses) the attributes to which each component applies.
• Exists/Does not exist buttons (Antispyware, Antivirus, Application, File, NAC, Operating System,
Personal Firewall, Process, Registry, VLAN, Priority)— Click the appropriate button to indicate
whether the selected endpoint attribute and its accompanying qualifiers (fields below the
Exists/Does not exist buttons) should be present or not.
Vendor ID (Antispyware, Antivirus, Personal Firewall)—Identify the application vendor.
•
Vendor Description (Antispyware, Antivirus, Personal Firewall)—Provide text that describes the
•
application vendor.
Version (Antispyware, Antivirus, Personal Firewall)—Identify the version of the application, and
•
specify whether you want the endpoint attribute to be equal to/not equal to that version.
Last Update (Antispyware, Antivirus, File)—Specify the number of days since the last update. You
•
might want to indicate that an update should occur in less than (<) or more than (>) the number of
days you enter here.
Cisco ASA 5500 Series Configuration Guide using ASDM
65-20
Add Endpoint Attributes Dialog Box
Chapter 65 Configuring Dynamic Access Policies
Endpoint Attribute Definitions.
OL-20339-01