64-57
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Configuring SSL VPN Connections
–
Delete—Deletes the selected script. There is no confirmation or undo.
–
Use the entire DN as the username—Specifies that you want to use the entire Distinguished
Name field of the certificate as the username.
–
Specify the certificate fields to be used as the username—Specifies one or more fields to
combine into the username.
–
Primary Field—Selects the first field to use in the certificate for the username. If this value is
found, the secondary field is ignored.
–
Secondary Field—Selects the field to use if the primary field is not found.
• Find—Enter a GUI label or a CLI command to use as a search string, then click Next or Previous to
begin the search.
Modes
The following table shows the modes in which this feature is available:
Adding or Editing Content to a Script for Certificate Pre-Fill-Username
The Add or Edit Script Content dialog box lets you create an authentication or authorization script.
Note Both AnyConnect client and clientless WebVPN display “Unknown” in the username field when
pre-fill-username from certificate using a script cannot find the username in the client certificate.
Fields
• Script Name—Specify the name of the script. The script name must be the same in both
authorization and authentication.You define the script here, and CLI uses the same script to perform
this function.
• Select script parameters—Specify the attributes and content of the script.
• Value for Username—Select an attribute from the drop-down list of standard DN attributes to use as
the username (Subject DN).
• No Filtering—Specify that you want to use the entire specified DN name.
• Filter by substring— Specify the Starting Index (the position in the string of the first character to
match) and Ending Index (number of characters to search). If you choose this option, the starting
index cannot be blank. If you leave the ending index blank, it defaults to -1, indicating that the entire
string is searched for a match.
For example, suppose you selected the DN attribute Common Name (CN), which contains a value
of host/user. Table 64-1 shows some possible ways you might filter this value using the substring
option to achieve various return values. The Return Value is what is actually pre-filled as the
username.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
