Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 36 Configuring Dynamic Access Policies
Understanding VPN Access Policies
• Access Policy Attributes—These tabs let you set attributes for network and webtype ACL filters, file access, HTTP proxy, URL entry and lists, port forwarding, and clientless SSL VPN access methods. Attribute values that you configure here override authorization values in the AAA system, including those in existing user, group, tunnel group, and default group records.
  • Action Tab
    • Action—Specifies special processing to apply to a specific connection or session.
      • Continue—(Default) Click to apply access policy attributes to the session.
      • Terminate—Click to terminate the session.
    • User Message—Enter a text message to display on the portal page when this DAP record is selected. Maximum 128 characters. A user message displays as a yellow orb. When a user logs on, it blinks three times to attract attention, and then it is still. If several DAP records are selected, and each of them has a user message, all of the user messages display.

      Note: You can include URLs or other embedded text in such messages, which requires that you use the correct HTML tags. For example: All contractors please read <a href='http://wwwin.abc.com/procedure.html'>Instructions</a> for the procedure to upgrade your antivirus software.
  • Network ACL Filters Tab—Lets you select and configure network ACLs to apply to this DAP record. An ACL for DAP can contain permit or deny rules, but not both. If an ACL contains both permit and deny rules, the security appliance rejects it.
    • Network ACL drop-down box—Select already configured network ACLs to add to this DAP record. Only ACLs having all permit or all deny rules are eligible, and these are the only ACLs that display here.
    • Manage...—Click to add, edit, and delete network ACLs.
    • Network ACL list—Displays the network ACLs for this DAP record.
    • Add—Click to add the selected network ACL from the drop-down box to the Network ACLs list on the right.
    • Delete—Click to delete a highlighted network ACL from the Network ACLs list. You cannot delete an ACL from the security appliance unless you first delete it from DAP records.
  • Web-Type ACL Filters Tab—Lets you select and configure web-type ACLs to apply to this DAP record. An ACL for DAP can contain permit or deny rules, but not both. If an ACL contains both permit and deny rules, the security appliance rejects it.
    • Web-Type ACL drop-down box—Select already configured web-type ACLs to add to this DAP record. Only ACLs having all permit or all deny rules are eligible, and these are the only ACLs that display here.
    • Manage...—Click to add, edit, and delete web-type ACLs.
    • Web-Type ACL list—Displays the web-type ACLs for this DAP record.
    • Add—Click to add the selected web-type ACL from the drop-down box to the Web-Type ACLs list on the right.
    • Delete—Click to delete a web-type ACL from the Web-Type ACLs list. You cannot delete an ACL from the security appliance unless you first delete it from DAP records.
  • Functions Tab—Lets you configure file server entry and browsing, HTTP proxy, and URL entry for the DAP record.
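
The all-permit-or-all-deny rule stated for the Network ACL Filters and Web-Type ACL Filters tabs can be checked against a saved configuration before ACLs are assigned to a DAP record. The following Python sketch is an added example, not part of the Cisco guide; the sample configuration and ACL names are constructed, and it assumes each access-list line carries its type keyword (extended, standard, or webtype).

```python
import re
from collections import defaultdict

# Constructed sample of "access-list" configuration lines (not from the guide).
SAMPLE_CONFIG = """\
access-list DAP_CONTRACTORS remark constructed sample
access-list DAP_CONTRACTORS extended permit tcp any host 10.10.20.5 eq 443
access-list DAP_CONTRACTORS extended permit tcp any host 10.10.20.6 eq 22
access-list DAP_BLOCK_LAB extended deny ip any 10.99.0.0 255.255.0.0
access-list MIXED_LEGACY extended permit tcp any host 10.10.30.7 eq 80
access-list MIXED_LEGACY line 2 extended deny ip any any
access-list WEB_INTRANET webtype permit url https://intranet.example.com/*
access-list WEB_MIXED webtype permit url https://wiki.example.com/*
access-list WEB_MIXED webtype deny url https://wiki.example.com/admin/*
"""

# One access control entry: name, optional "line N", type keyword, action.
ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:line\s+\d+\s+)?"
    r"(?P<kind>extended|standard|webtype)\s+(?P<action>permit|deny)\b"
)

def dap_acl_eligibility(config_text):
    """Map each ACL name to its type, the actions it uses, and DAP eligibility."""
    kinds, actions = {}, defaultdict(set)
    for line in config_text.splitlines():
        m = ACE.match(line.strip())
        if not m:  # remarks, blank lines, unrelated configuration
            continue
        kinds[m["name"]] = m["kind"]
        actions[m["name"]].add(m["action"])
    return {
        name: {
            "kind": kinds[name],
            "actions": sorted(actions[name]),
            # Eligible only when every rule shares one action (all permit or all deny).
            "eligible": len(actions[name]) == 1,
        }
        for name in kinds
    }

if __name__ == "__main__":
    for name, info in dap_acl_eligibility(SAMPLE_CONFIG).items():
        verdict = "eligible" if info["eligible"] else "REJECTED (mixed permit/deny)"
        print(f"{name:16} {info['kind']:9} {'/'.join(info['actions']):12} {verdict}")
```

ACLs reported as mixed are the ones that would not appear in the DAP drop-down boxes; splitting each into an all-permit ACL and an all-deny ACL makes both selectable.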