Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
65-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 65 Configuring Dynamic Access Policies
Understanding VPN Access Policies
AAA Attribute Definitions
Table 65-1 defines the AAA selection attribute names that are available for DAP use. The Attribute
Name field shows you how to enter each attribute name in a Lua logical expression, which you might do
in the Advanced section of the Add/Edit Dynamic Access Policy pane.
DAP and Endpoint Security
The adaptive security appliance obtains endpoint security attributes by using posture assessment
methods that you configure. These include Cisco Secure Desktop and NAC. For details, see the Cisco
Secure Desktop section of ASDM. Table 65-2 identifies each of the remote access protocols DAP
supports, the posture assessment tools available for that method, and the information that tool provides.
Table 65-1 AAA Selection Attributes for DAP Use

| Attribute Type | Attribute Name | Source | Value | Max String Length | Description |
|---|---|---|---|---|---|
| Cisco | aaa.cisco.grouppolicy | AAA | string | 64 | Group policy name on the adaptive security appliance or sent from a RADIUS/LDAP server as the IETF-Class (25) attribute |
| Cisco | aaa.cisco.ipaddress | AAA | number | - | Assigned IP address for full tunnel VPN clients (IPsec, L2TP/IPsec, SSL VPN AnyConnect) |
| Cisco | aaa.cisco.tunnelgroup | AAA | string | 64 | Connection profile (tunnel group) name |
| Cisco | aaa.cisco.username | AAA | string | 64 | Name of the authenticated user (applies if using Local authentication/authorization) |
| LDAP | aaa.ldap.<label> | LDAP | string | 128 | LDAP attribute value pair |
| RADIUS | aaa.radius.<number> | RADIUS | string | 128 | RADIUS attribute value pair |

See Security Appliance Supported RADIUS Attributes and Values for a table that lists RADIUS attributes that the security appliance supports.
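
How the dotted attribute names from Table 65-1 read inside a Lua logical expression, as an added example that is not taken from the Cisco guide. It runs in a stand-alone Lua interpreter against a constructed `aaa` table; the attribute values and the LDAP label `department` are assumptions, and it shows plain Lua comparison semantics rather than appliance behavior.

```lua
-- Added example: stand-alone Lua, not code from the Cisco guide.
-- The `aaa` table is a constructed stand-in for the attributes supplied
-- after authentication; its values and the label "department" are assumed.
local aaa = {
  cisco = {
    grouppolicy = "Contractors",
    tunnelgroup = "RemoteAccess",
    username    = "jdoe",
  },
  ldap   = { department = "Engineering" },
  radius = {},   -- this constructed session returned no RADIUS attributes
}

-- Positive match: true only when both attributes are present and equal.
local function engineering_contractor()
  return aaa.cisco.grouppolicy == "Contractors"
     and aaa.ldap.department == "Engineering"
end

-- Negative match written naively. An absent attribute reads as nil, and
-- nil ~= "Contractors" is true, so a session without the attribute matches.
local function not_contractor_naive()
  return aaa.cisco.grouppolicy ~= "Contractors"
end

-- Negative match that also requires the attribute to be present.
local function not_contractor_strict()
  local gp = aaa.cisco.grouppolicy
  return gp ~= nil and gp ~= "Contractors"
end

print("engineering contractor:", engineering_contractor())

-- Simulate a session in which no group policy attribute was supplied.
aaa.cisco.grouppolicy = nil
print("naive 'not contractor': ", not_contractor_naive())
print("strict 'not contractor':", not_contractor_strict())
```

The naive and strict checks disagree once the attribute is missing, which is the case to test before relying on a negated comparison in a selection expression.
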
Table 65-2 DAP Posture Assessment

| Remote Access Protocol | Cisco Secure Desktop | Host Scan | NAC | Cisco NAC Appliance |
|---|---|---|---|---|
| | Returns file information, registry key values, running processes, operating system | Returns antivirus, antispyware, and personal firewall software information | Returns NAC status | Returns VLAN Type and VLAN IDs |
| IPsec VPN | — (1) | — | X | X |
| Cisco AnyConnect VPN | X | X | X | X |
| Clientless VPN | X | X | — | — |
| PIX Cut-through Proxy | — | — | — | — |

1. — indicates no; X indicates yes.