Cisco Systems OL-16647-01 Network Router User Manual


36-4
Cisco ASDM User Guide
OL-16647-01
Chapter 36 Configuring Dynamic Access Policies
Understanding VPN Access Policies
DAP and Endpoint Security
The security appliance obtains endpoint security attributes by using posture assessment methods that you
configure. These include Cisco Secure Desktop and NAC. For details, see the Cisco Secure Desktop
section of ASDM. Table 36-2 identifies each of the remote access protocols DAP supports, the posture
assessment tools available for that method, and the information that tool provides.
Endpoint Attribute Definitions
Table 36-3 defines the endpoint selection attribute names that are available for DAP use. The Attribute
Name field shows you how to enter each attribute name in a Lua logical expression, which you might do
in the Advanced area in the Add/Edit Dynamic Access Policy pane. The label variable identifies the
application, filename, process, or registry entry.
Table 36-1 AAA Selection Attributes for DAP Use (continued)
LDAP | aaa.ldap.<label> | LDAP | string | 128 | LDAP attribute value pair
RADIUS | aaa.radius.<number> | RADIUS | string | 128 | RADIUS attribute value pair
Refer to Security Appliance Supported RADIUS Attributes and Values for a table that lists RADIUS attributes that the security appliance supports.
Table 36-2 DAP Posture Assessment
Posture assessment tools (table columns) and what each returns:
Cisco Secure Desktop: Returns files information, registry key values, running processes, operating system
Host Scan: Returns antivirus, antispyware, and personal firewall software information
NAC: Returns NAC status
Cisco NAC Appliance: Returns VLAN Type and VLAN IDs
Remote Access Protocol (table rows), with the support marks for the four tools:
IPsec VPN (note 1): —XX
Cisco AnyConnect VPN: X X X X
Clientless VPN: X X
PIX Cut-through Proxy
1. — indicates no; X indicates yes
Table 36-3 Endpoint Attribute Definitions
Attribute Type | Attribute Name | Source | Value | Max String Length | Description
Antispyware (Requires Cisco Secure Desktop) | endpoint.as.label.exists | Host Scan | true | | Antispyware program exists
 | endpoint.as.label.version | | string | 32 | Version
 | endpoint.as.label.description | | string | 128 | Antispyware description
 | endpoint.as.label.lastupdate | | integer | | Seconds since update of antispyware definitions
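The following Lua sketch shows how the endpoint.as attributes from Table 36-3 can be combined into one logical check that fails closed when an attribute is missing. It is an added example, not taken from the Cisco guide: the label ExampleAS, the sample values, the 7-day threshold, and the helper antispyware_ok are assumptions, and the endpoint table is constructed here so the script runs in a stock Lua interpreter rather than on the security appliance.

```lua
-- Constructed sample data. On the appliance, Host Scan supplies these values;
-- "ExampleAS" is a hypothetical label, not a real product identifier.
local endpoint = {
  as = {
    ExampleAS = {
      exists = "true",          -- assumed to arrive as the string "true"
      version = "7.2.1",        -- string, max length 32 per Table 36-3
      description = "Example antispyware (constructed)",
      lastupdate = 86400,       -- integer: seconds since definitions update
    },
  },
}

-- Assumed policy threshold: definitions no older than 7 days.
local MAX_DEFINITION_AGE = 7 * 24 * 60 * 60

-- Returns true only when the labelled antispyware program is reported as
-- present and its definitions are recent enough. A missing label, a missing
-- attribute, or a non-numeric age yields false instead of a runtime error,
-- so an endpoint that reports nothing is never treated as compliant.
local function antispyware_ok(ep, label, max_age)
  local as = ep and ep.as and ep.as[label]
  if type(as) ~= "table" then return false end
  if as.exists ~= "true" then return false end
  local age = tonumber(as.lastupdate)
  if age == nil or age < 0 then return false end
  return age <= max_age
end

-- Case 1: program present, definitions one day old.
print("fresh definitions:", antispyware_ok(endpoint, "ExampleAS", MAX_DEFINITION_AGE))

-- Case 2: same program, definitions 30 days old.
endpoint.as.ExampleAS.lastupdate = 30 * 24 * 60 * 60
print("stale definitions:", antispyware_ok(endpoint, "ExampleAS", MAX_DEFINITION_AGE))

-- Case 3: label that the scan did not report at all.
print("label not reported:", antispyware_ok(endpoint, "NotInstalled", MAX_DEFINITION_AGE))
```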