31-21
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
Note: Duplicate entries are not allowed. If you configure a dynamic access policy with no AAA or endpoint
attributes, the security appliance always selects it, because all selection criteria are satisfied.
Navigation Path
Open the Add/Edit Dynamic Access Policy Dialog Box (page 31-12) with the Main tab selected, then
click Create, or select a dynamic access policy in the table and click Edit. The Add/Edit DAP Entry
dialog box is displayed. Select AAA Attributes Cisco as the Criterion.
Related Topics
• Understanding DAP Attributes, page 31-3
• Configuring DAP Attributes, page 31-7
• Configuring Dynamic Access Policies, page 31-2
Field Reference
Table 31-6 Add/Edit DAP Entry Dialog Box > AAA Attributes Cisco

Element        Description

Criterion      Shows AAA Attributes Cisco as the selection criterion.

Group Policy   Select the check box, select the matching criteria (for example, is) from
               the drop-down list, and enter the name of the AAA server group
               associated with the user. The maximum length is 64 characters.
               AAA server groups represent collections of authentication servers
               focused on enforcing specific aspects of your overall network security
               policy.

IP Address     Select the check box, select the matching criteria (for example, is) from
               the drop-down list, and enter the assigned IP address.
               Addresses are predefined network objects. You can also click Select to
               open a dialog box that lists all available network hosts, and in which
               you can create or edit network host objects.
               Tip: If you select this option and later look at the rule in ASDM, the
               IP Address attribute is called Assigned IP Address.

Member-of      Select the check box, select the matching criteria (for example, is) from
               the drop-down list, and enter a comma-separated string of group policy
               names that apply to the user. This attribute lets you indicate multiple
               group membership. The maximum length is 128 characters.
               Tip: If you select this option, and later look at the rule in ASDM, this
               option will not appear. In general, this option is not used
               because it can be confused with the memberof LDAP attribute.
               Because this rule applies to Local authentication, you might
               want to use the Username attribute instead of the Member-of
               attribute.

Username       Select the check box, select the matching criteria (for example, is) from
               the drop-down list, and enter the username of the authenticated user. A
               maximum of 64 characters is allowed.
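
The Note above and the length limits in Table 31-6 can be checked before a policy set is deployed. The following is an added example, not Cisco code: the record layout (policy name mapped to a list of attribute, operator, value entries), the function names, and the all-criteria matching with only the is operator are assumptions made for illustration.

```python
# Added example: lint DAP entries for the conditions this page calls out.
# The record layout below is hypothetical, not a Security Manager or ASA
# export format.

# Maximum value lengths from Table 31-6; IP Address has no stated limit.
MAX_LEN = {"Group Policy": 64, "Member-of": 128, "Username": 64}
KNOWN = set(MAX_LEN) | {"IP Address"}


def lint_dap(policies):
    """Return a sorted list of (policy, finding) tuples."""
    findings = []
    for name, entries in policies.items():
        if not entries:
            # No AAA or endpoint attributes: every session satisfies the
            # empty selection criteria, so the policy is always selected.
            findings.append((name, "no attributes: matches every session"))
        seen = set()
        for attr, op, value in entries:
            if attr not in KNOWN:
                findings.append((name, f"unknown attribute {attr!r}"))
                continue
            if (attr, op, value) in seen:
                findings.append((name, f"duplicate entry for {attr}"))
            seen.add((attr, op, value))
            limit = MAX_LEN.get(attr)
            if limit is not None and len(value) > limit:
                findings.append((name, f"{attr} exceeds {limit} characters"))
    return sorted(findings)


def selects(entries, session):
    """Assumed matching model: every entry must match, 'is' operator only."""
    return all(op == "is" and session.get(attr) == value
               for attr, op, value in entries)


# Constructed sample data.
SAMPLE = {
    "contractors": [("Username", "is", "jdoe"), ("Username", "is", "jdoe")],
    "legacy-catchall": [],
    "long-group": [("Group Policy", "is", "g" * 65)],
    "engineering": [("Group Policy", "is", "eng-vpn"),
                    ("IP Address", "is", "10.1.1.20")],
}

if __name__ == "__main__":
    for policy, finding in lint_dap(SAMPLE):
        print(f"{policy}: {finding}")
```
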