Cisco Systems OL-16647-01 Network Router User Manual


36-15
Cisco ASDM User Guide
OL-16647-01
Chapter 36 Configuring Dynamic Access Policies
Understanding VPN Access Policies
Fields
Endpoint Attribute Type—Select from the drop-down list the endpoint attribute you want to set.
Options include Antispyware, Antivirus, Application, File, NAC, Operating System, Personal
Firewall, Process, Registry, VLAN, and Priority.
Endpoint attributes include these components, but not all attributes include all components. The
following descriptions show (in parentheses) the attributes to which each component applies.
Exists/Does not exist buttons (Antispyware, Antivirus, Application, File, NAC, Operating System,
Personal Firewall, Process, Registry, VLAN, Priority)— Click the appropriate button to indicate
whether the selected endpoint attribute and its accompanying qualifiers (fields below the
Exists/Does not exist buttons) should be present or not.
Vendor ID (Antispyware, Antivirus, Personal Firewall)—Identify the application vendor.
Vendor Description (Antispyware, Antivirus, Personal Firewall)—Provide text that describes the
application vendor.
Version (Antispyware, Antivirus, Personal Firewall)—Identify the version of the application, and
specify whether you want the endpoint attribute to be equal to/not equal to that version.
Last Update (Antispyware, Antivirus, File)—Specify the number of days since the last update. You
might want to indicate that an update should occur in less than (<) or more than (>) the number of
days you enter here.
Client Type (Application)—Indicate the type of remote access connection: AnyConnect, Clientless,
Cut-through Proxy, IPsec, or L2TP.
Checksum (File)—Select the file and click the Compute Checksum button to arrive at this value.
Compute CRC32 Checksum (File)—Use this calculator to determine the checksum value of a file.
Posture Status (NAC)—Contains the posture token string received from ACS.
OS Version (Operating System)—Windows (various), MAC, Linux, Pocket PC.
Service Pack (Operating System)—Identify the service pack for the operating system.
Endpoint ID (File, Process, Registry)—A string that identifies an endpoint for files, processes or
registry entries. DAP uses this ID to match Cisco Secure Desktop host scan attributes for DAP
selection. You must configure Host Scan before you configure this attribute. When you configure
Host Scan, the configuration displays in this pane, so you can select it, reducing the possibility of
errors in typing or syntax.
Path (Process, Policy)—Configure Host Scan before you configure this attribute. When you
configure Host Scan, the configuration displays in this pane, so you can select it, reducing the
possibility of errors in typing or syntax.
Value (Registry)—dword or string
Caseless (Registry)—Select to disregard case in registry entries.
VLAN ID (VLAN)—A valid 802.1q number ranging from 1 to 4094
VLAN Type (VLAN)—Possible values include the following:
    ACCESS     Posture assessment passed
    STATIC     No posture assessment applied
    TIMEOUT    Posture assessment failed due to no response
    AUTH       Posture assessment still active
    GUEST      Posture assessment passed, switch to guest VLAN
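
The File attribute fields above (Exists/Does not exist, Checksum, Last Update) can be modeled as a local check, which is useful for confirming the CRC32 value and update age of a reference file before entering them. This is an added example, not Cisco code: the `FileCriterion` class and `matches` function are hypothetical, the file's modification time stands in for "last update", and "Does not exist" is assumed to negate the attribute together with its qualifiers.

```python
import os, tempfile, time, zlib
from dataclasses import dataclass
from typing import Optional

def crc32_of_file(path, chunk_size=65536):
    """Stream the file through zlib.crc32 so large files are not read whole."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

@dataclass
class FileCriterion:                   # hypothetical model, not a Cisco structure
    path: str
    must_exist: bool = True            # Exists / Does not exist buttons
    checksum: Optional[int] = None     # Checksum (CRC32 of the file)
    update_op: Optional[str] = None    # "<" or ">"
    update_days: Optional[int] = None  # Last Update, in days

def matches(c, now=None):
    """True when the file and its qualifiers are present (or absent) as required."""
    present = os.path.isfile(c.path)
    if present and c.checksum is not None:
        present = crc32_of_file(c.path) == c.checksum
    if present and c.update_op is not None:
        # Assumption: "last update" is approximated by the file's mtime.
        now = time.time() if now is None else now
        age_days = (now - os.path.getmtime(c.path)) / 86400
        present = age_days < c.update_days if c.update_op == "<" else age_days > c.update_days
    return present == c.must_exist

def demo():
    """Build a constructed sample file, then evaluate two criteria against it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")      # constructed sample input
        with open(path, "wb") as fh:
            fh.write(b"123456789")                # standard CRC32 check string
        ten_days_ago = time.time() - 10 * 86400
        os.utime(path, (ten_days_ago, ten_days_ago))
        fresh = FileCriterion(path, checksum=crc32_of_file(path), update_op="<", update_days=30)
        stale = FileCriterion(path, update_op=">", update_days=30)
        return hex(crc32_of_file(path)), matches(fresh), matches(stale)

if __name__ == "__main__":
    print(demo())
```

CRC32 detects accidental change but is not a cryptographic hash, so a matching checksum identifies a file version rather than proving its authenticity.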