Cisco Systems OL-16647-01 Network Router User Manual


36-14
Cisco ASDM User Guide
OL-16647-01
Chapter 36 Configuring Dynamic Access Policies
Understanding VPN Access Policies
Retrieve AD Groups from selected AD Server Group
You can query an Active Directory server for available AD groups in this window. This feature applies
only to Active Directory servers using LDAP. Use the group information to specify dynamic access
policy AAA selection criteria.
You can change the level in the Active Directory hierarchy where the search begins by changing the
Group Base DN in the Edit AAA Server window. In the same window, you can also change how long the
security appliance waits for a response from the server. To configure these features, go to:
Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups > Edit AAA Server.
Note: If the Active Directory server has a large number of groups, the list of AD groups retrieved may be
truncated because of limits on the amount of data the server can fit into a response packet. To avoid
this problem, use the filter feature to reduce the number of groups reported by the server.
Fields
AD Server Group—The name of the AAA server group from which to retrieve AD groups.
Filter By—Specify a group or the partial name of a group to reduce the groups displayed.
Group Name—A list of AD groups retrieved from the server.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple: Context    Multiple: System
•         •                •         —                    —

Add/Edit Endpoint Attributes
Endpoint attributes contain information about the endpoint system environment, posture assessment
results, and applications. The security appliance dynamically generates a collection of endpoint
attributes during session establishment, and stores these attributes in a database associated with the
session. There is no limit on the number of endpoint attributes for each DAP record.
Each DAP record specifies the endpoint selection attributes that must be satisfied for the security
appliance to select it. The security appliance selects only DAP records that satisfy every condition
configured.
For detailed information about endpoint attributes, see Endpoint Attribute Definitions.
To configure endpoint attributes as selection criteria for DAP records, set the components in the
Add/Edit Endpoint Attribute dialog box. These components change according to the attribute type you
select.