Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
70-23
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Configuring Endpoint Attributes Used in DAPs
Guidelines
You can create multiple instances of each type of endpoint attribute. For each of these types, you need
to decide whether the DAP policy should require that the user have all instances of a type (Match all =
AND) or only one of them (Match Any = OR).
To set this value, after you have defined all instances of the endpoint attribute, click the Logical Op.
button and select the Match Any or Match All button. If you do not specify a Logical Operation, Match
All is used by default.
Detailed Steps
You only need to configure one AnyConnect attribute in the Add Endpoint Attribute field except where
noted.
Step 1 In the Endpoint Attribute Type list box, select File.
Step 2 Select the appropriate Exists or Does not exist radio button to indicate whether the selected endpoint
attribute and its accompanying qualifiers (fields below the Exists/Does not exist buttons) should be
present or not.
Step 3 In the Endpoint ID list box, choose from the drop-down list the endpoint ID that equates to the file entry
for which you want to scan.
The file information is displayed below the Endpoint ID list box.
Step 4 Check the Last Update check box and set the operation field to be less than (<) or greater than (>) a
certain number of days old. Enter the number of days old in the days field.
Step 5 Check the Checksum checkbox and set the operation field to be equal to (=) or not equal to (!=) the
checksum value of the file you are testing for.
Step 6 Click Compute CRC32 Checksum to determine the checksum value of the file you are testing for.
Step 7 Click OK.
Step 8 Return to Configuring Dynamic Access Policies, page 70-10.
Additional References
See Endpoint Attribute Definitions, page 70-29 for additional information on the File endpoint attribute
requirements.
Adding a Device Endpoint Attribute to a DAP
Prerequisites
Configuring Device endpoint attributes as selection criteria for DAP records is part of a larger process.
Read Configuring Dynamic Access Policies, page 70-10 before you configure Device endpoint
attributes.