31-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Configuring Dynamic Access Policies
About Advanced Expressions for AAA or Endpoint Attributes
In the text box you enter free-form LUA text that represents AAA and/or endpoint selection logical
operations. ASDM does not validate text that you enter here; it just copies this text to the DAP policy
file, and the security appliance processes it, discarding any expressions it cannot parse.
This option is useful for adding selection criteria other than what is possible in the AAA and endpoint
attribute areas above. For example, while you can configure the security appliance to use AAA attributes
that satisfy any, all, or none of the specified criteria, endpoint attributes are cumulative, and must all be
satisfied. To let the security appliance employ one endpoint attribute or another, you need to create
appropriate logical expressions in LUA and enter them here.
File endpoint.file.label.exists Secure
Desktop
true – The files exists
endpoint.file.label.lastmodified integer – Seconds since file
was last modified
endpoint.file.label.crc.32 integer – CRC32 hash of the
file
NAC endpoint.nac.status NAC string - User defined status
string
Operating
System
endpoint.os.version Secure
Desktop
string 32 Service pack for
Windows
endpoint.os.servicepack integer – Operating system
Personal
firewall
(Requires
Secure
Desktop)
endpoint.fw.label.exists Host Scan true – The personal
firewall exists
endpoint.fw.label.version string 32 Version
endpoint.fw.label.description string 128 Personal firewall
description
Policy endpoint.policy.location Secure
Desktop
string 64 Location value
from Cisco Secure
Desktop
Process endpoint.process.label.exists Secure
Desktop
true – The process exists
endpoint.process.label.path string 255 Full path of the
process
Registry endpoint.registry.label.type Secure
Desktop
dword
string
–dword
endpoint.registry.label.value string 255 Value of the
registry entry
VLAN endpoint.vlan.type CNA sting – VLAN type:
ACCESS
AUTH
ERROR
GUEST
QUARANTINE
ERROR
STATIC
TIMEOUT
Table 31-2 Endpoint Attribute Definitions (Continued)
