With DAP from the ASDM you can configure attributes based on machine settings using posture validation, such as checking for CSA, Antivirus, Cisco Secure Desktop etc. To my knowledge none of the posture validation is possible from the command line. You can do some basic settings for WebVPN and other attributes that you can tie back to either LDAP or RADIUS values for remote access sessions.
You can read the "SSL Remote Access VPN's" book by Frahim and Huang if you want to get more information than I have given above. Hope this helps. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Pieter-Jan Nefkens [mailto:[email protected]] Sent: Wednesday, May 19, 2010 9:11 AM To: Tyson Scott Cc: 'Kingsley Charles'; 'OSL Security' Subject: Re: [OSL | CCIE_Security] DAP and CCIE Exam Tyson, Do you know what kind of limitations? It looked pretty complete to me (but I only checked it on an 8.2 subset as we use that with all our customers).. PJ On May 19, 2010, at 2:56 PM, Tyson Scott wrote: Pieter, It is limited as to what you can do from the command line but it is available. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Pieter-Jan Nefkens Sent: Wednesday, May 19, 2010 8:52 AM To: Kingsley Charles Cc: OSL Security Subject: Re: [OSL | CCIE_Security] DAP and CCIE Exam Hi Kings, true, butASA 8.0 also supports dynamic access policies on sslvpn and remote access vpn to override /merge the settings you specify in the user - tunnel-group - group-policy model. (which is a great way to create a single SSLVPN portal and based on the AD group membership you can get your bookmarks), but would it be a question on the lab?? Anyone an idea? Kid regards Pieter-Jan On May 19, 2010, at 5:26 AM, Kingsley Charles wrote: The lab has 8.0 which supports CLI option of configuring URL filter. With regards Kings On Wed, May 19, 2010 at 2:13 AM, Pieter-Jan Nefkens <[email protected]> wrote: Hi all, Just wondering.. Would it be possible for the CCIE Lab exam to ask for Dynamic Access Policies? I tend to configure them usually using asdm (yes, I know, but it's a bit easier).. ;-) But I also just found out, it's also possible to do it with CLI.. Would it be a possibility to configure DAP? Kind regards Pieter-Jan --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/ Think before you print. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/ <image001.gif> Think before you print. --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/ Think before you print.
<<image001.gif>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
