36-16
Cisco ASDM User Guide
OL-16647-01
Chapter 36 Configuring Dynamic Access Policies
Understanding VPN Access Policies
Policy (Location)—Enter the Cisco Secure Desktop Microsoft Windows location profile, case sensitive.
QUARANTINE   Posture assessment failed; switch to quarantine VLAN
ERROR        Posture assessment failed due to a fatal error

Modes
The following table shows the modes in which this feature is available:

Firewall Mode          Security Context
Routed  Transparent    Single  Multiple Context  System
•       •              •       —                 —

Guide
This section provides information about constructing logical expressions for AAA or endpoint attributes. Be aware that doing so requires sophisticated knowledge of Lua (www.lua.org).
In the text box you enter free-form Lua text that represents AAA and/or endpoint selection logical operations. ASDM does not validate the text you enter here; it simply copies it to the DAP policy file, and the security appliance processes it, discarding any expressions it cannot parse. A syntax error therefore produces no error message; the expression is silently dropped, so verify the resulting DAP record selection after saving rather than assuming the text took effect.
This option is useful for adding selection criteria beyond what is possible in the AAA and endpoint attribute areas above. For example, while you can configure the security appliance to use AAA attributes that satisfy any, all, or none of the specified criteria, endpoint attributes are cumulative and must all be satisfied. To let the security appliance accept one endpoint attribute or another, you need to create appropriate logical expressions in Lua and enter them here.
For a list of AAA selection attributes, including proper name syntax for creating logical expressions, see Table 36-1.
For a list of endpoint selection attributes, including proper name syntax for creating logical expressions, see Table 36-3.
Syntax for Creating Lua EVAL Expressions
This section provides information about the syntax for creating Lua EVAL expressions.
Note We recommend that you use EVAL expressions whenever possible for reasons of clarity, which makes verifying the program straightforward.
EVAL(<attribute>, <comparison>, {<value> | <attribute>}, [<type>])
<attribute>    AAA attribute or an attribute returned from Cisco Secure Desktop; see Table 36-1 and Table 36-3 for attribute definitions.
<comparison>   One of the following strings (quotation marks required):
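The following Lua text is an added example of what goes in the Guide text box; it is not taken from the Cisco ASDM guide. The attribute names (endpoint.av[...], aaa.ldap.memberOf) and the vendor keys are assumptions standing in for the entries of Table 36-1 and Table 36-3, which are not reproduced on this page. It shows the case the section describes: endpoint attributes entered in the ASDM form are cumulative (ANDed), so "either antivirus product is acceptable" can only be expressed as a Lua logical expression built from EVAL() calls.

```lua
-- Added example for the DAP "Guide" text box; not from the Cisco ASDM guide.
-- endpoint.av[...] / aaa.ldap.memberOf and the vendor keys are assumptions
-- standing in for entries in Table 36-1 and Table 36-3.
--
-- Endpoint attributes entered in the ASDM form are ANDed, so "either
-- antivirus product is acceptable" cannot be expressed there. As a Lua
-- logical expression it is an OR of two EVAL() calls, ANDed with the AAA
-- requirement that the user belongs to the VPN group. The whole text is
-- one boolean expression; the ASA evaluates it per session.
(
  EVAL(endpoint.av["McAfeeAV"].exists, "EQ", "true", "string")
  or
  EVAL(endpoint.av["SymantecAV"].exists, "EQ", "true", "string")
)
and
EVAL(aaa.ldap.memberOf, "EQ", "VPN-Users", "string")
```

Because ASDM copies this text verbatim and the security appliance discards any expression it cannot parse instead of rejecting it, a misplaced quotation mark or bracket changes which sessions the DAP record matches without any error being shown; check the selection result (for example with the ASA debug dap trace command) after saving.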