Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 65 Configuring Dynamic Access Policies
Understanding VPN Access Policies
Figure 65-6 Add Endpoint Attributes Dialog Box
Endpoint attributes contain information about the endpoint system environment, posture assessment
results, and applications. The adaptive security appliance dynamically generates a collection of endpoint
attributes during session establishment, and stores these attributes in a database associated with the
session. There is no limit on the number of endpoint attributes for each DAP record.
Each DAP record specifies the endpoint selection attributes that must be satisfied for the adaptive
security appliance to select it. The adaptive security appliance selects only DAP records that satisfy
every condition configured.
For detailed information about endpoint attributes, see Endpoint Attribute Definitions.
To configure endpoint attributes as selection criteria for DAP records, set the components in the
Add/Edit Endpoint Attribute dialog box. The available components change according to the attribute type you select.
Fields
• Endpoint Attribute Type—Choose from the drop-down list the endpoint attribute you want to set.
Options include Antispyware, Antivirus, Application, File, NAC, Operating System, Personal
Firewall, Process, Registry, VLAN, and Priority.
Endpoint attributes include these components, but not all attributes include all components. The
following descriptions show (in parentheses) the attributes to which each component applies.
• Exists/Does not exist buttons (Antispyware, Antivirus, Application, File, NAC, Operating System,
Personal Firewall, Process, Registry, VLAN, Priority)—Click the appropriate button to indicate
whether the selected endpoint attribute and its accompanying qualifiers (fields below the
Exists/Does not exist buttons) should be present or not.
• Vendor ID (Antispyware, Antivirus, Personal Firewall)—Identify the application vendor.
• Vendor Description (Antispyware, Antivirus, Personal Firewall)—Provide text that describes the
application vendor.
• Version (Antispyware, Antivirus, Personal Firewall)—Identify the version of the application, and
specify whether you want the endpoint attribute to be equal to/not equal to that version.
• Last Update (Antispyware, Antivirus, File)—Specify the number of days since the last update. You
might want to indicate that an update should occur in less than (<) or more than (>) the number of
days you enter here.
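The selection rule and the Exists/Does not exist, Version and Last Update components described above, modelled in Python as an added example (not Cisco code and not ASDM output). The field names, the sample endpoint data and the reading of "Does not exist" as "no reported item matches the qualifiers" are assumptions made for illustration.

```python
# Added illustration: simplified model of DAP record selection, not Cisco code.
# All field names and sample data below are constructed for this example.
import operator

OPS = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt, "gt": operator.gt}

def qualifiers_match(item, qualifiers):
    """True if one reported item satisfies every (field, op, value) qualifier."""
    return all(field in item and OPS[op](item[field], value)
               for field, op, value in qualifiers)

def condition_met(endpoint, cond):
    """Evaluate one endpoint-attribute condition against the session's attributes."""
    items = endpoint.get(cond["type"], [])
    found = any(qualifiers_match(i, cond.get("qualifiers", [])) for i in items)
    # "Exists" needs a matching item; "Does not exist" needs none (assumption).
    return found if cond["exists"] else not found

def select_records(endpoint, records):
    """Return names of DAP records whose conditions are ALL satisfied."""
    return [r["name"] for r in records
            if all(condition_met(endpoint, c) for c in r["conditions"])]

# Constructed endpoint attributes, as if gathered at session establishment.
ENDPOINT = {
    "Antivirus": [{"vendor_id": "ExampleAV", "version": "9.1", "last_update_days": 12}],
    "Personal Firewall": [{"vendor_id": "ExampleFW", "version": "3.0"}],
    "Process": [{"name": "agent.exe"}],
}

# Constructed DAP records, each a list of endpoint-attribute conditions.
RECORDS = [
    {"name": "AV-current", "conditions": [
        {"type": "Antivirus", "exists": True,
         "qualifiers": [("vendor_id", "eq", "ExampleAV"), ("last_update_days", "lt", 30)]},
        {"type": "Personal Firewall", "exists": True, "qualifiers": []}]},
    {"name": "AV-stale", "conditions": [
        {"type": "Antivirus", "exists": True,
         "qualifiers": [("last_update_days", "gt", 30)]}]},
    {"name": "No-antispyware", "conditions": [
        {"type": "Antispyware", "exists": False, "qualifiers": []}]},
    {"name": "AV-and-registry", "conditions": [
        {"type": "Antivirus", "exists": True, "qualifiers": []},
        {"type": "Registry", "exists": True, "qualifiers": []}]},
]

if __name__ == "__main__":
    print(select_records(ENDPOINT, RECORDS))
```

"AV-and-registry" is rejected even though its antivirus condition holds, because a record with one unmet condition is never selected.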