70-36
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Performing a DAP Trace
Note This parameter requires a release of the Cisco IronPort Web Security appliance that
provides Secure Mobility Solution licensing support for the Cisco AnyConnect VPN
client. It also requires an AnyConnect release that supports “Secure Mobility Solution”
features. Refer to the Cisco AnyConnect VPN Client Administrator Guide for additional
information.
Performing a DAP Trace
By performing a DAP trace you can display the DAP endpoint attributes for all connected devices.
Prerequisites
Log on to the ASA from an SSH terminal and enter Privileged Exec mode. In Privileged Exec mode, the
ASA displays this prompt:
hostname#
Detailed Steps
Additional References
In order to search the output of the DAP trace, send the output of the command to a sytem log. To learn
more about logging on the ASA see Configuring Logging in the Cisco ASA 5500 Series Configuration
Guide using the CLI, 8.4.
Guide to Creating DAP Logical Expressions using LUA
This section provides information about constructing logical expressions for AAA or Endpoint
attributes. Be aware that doing so requires sophisticated knowledge of Lua (www.lua.org).
Command Purpose
Step 1
debug dap trace
Example
hostname# debug dap trace
Enables DAP debugs to display all DAP attributes for the session in the
terminal window.
Example output:
This is a small fragment of the output one receives from running the
debug dap trace command
endpoint.anyconnect.clientversion="0.16.0021";
endpoint.anyconnect.platform="apple-ios";
endpoint.anyconnect.platformversion="4.1";
endpoint.anyconnect.devicetype="iPhone1,2";
endpoint.anyconnect.deviceuniqueid="dd13ce3547f2fa1b2c3d4e5f
6g7h8i9j0fa03f75";