70-45
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Guide to Creating DAP Logical Expressions using LUA
Step 1 Navigate to the Add AAA attributes pane (Configuration > Remote Access VPN > Clientless SSL VPN
Access > Dynamic Access Policies > Add/Edit Dynamic Access Policy > AAA Attributes section > Add
AAA Attribute).
Step 2 For the AAA Attribute type, use the drop-down menu to choose LDAP.
Step 3 In the Attribute ID field, enter memberOf, exactly as you see it here. Case is important.
Step 4 In the Value field, use the drop-down menu to choose =, and in the adjacent field enter Engineering.
Step 5 In the Attribute ID field, enter memberOf, exactly as you see it here. Case is important.
Step 6 In the Value field, use the drop-down menu to select =, and in the adjacent field enter Employees.
Step 7 For the AAA attribute type, use the drop-down menu to choose Cisco.
Step 8 Check the Tunnel group box, use the drop-down menu to choose =, and in the adjacent drop-down list
select the appropriate tunnel group (connection policy).
Step 9 In the Network ACL Filters tab of the Access Policy Attributes area, choose the ACLs to apply to users
who meet the DAP criteria defined in the previous steps.
