Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 64 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
DN Field                    Definition
Organizational Unit (OU)    The subgroup within the organization.
Serial Number (SER)         The serial number of the certificate.
Surname (SN)                The family name or last name of the certificate owner.
State/Province (S/P)        The state or province where the organization is located.
Title (T)                   The title of the certificate owner, such as Dr.
User ID (UID)               The identification number of the certificate owner.
Unstructured Name (UNAME)   The unstructuredName attribute type specifies the name or names of a subject as an unstructured ASCII string.
IP Address (IP)             IP address field.

• Operator—Select the operator used in the rule:
  – Equals—The distinguished name field must exactly match the value.
  – Contains—The distinguished name field must include the value within it.
  – Does Not Equal—The distinguished name field must not match the value.
  – Does Not Contain—The distinguished name field must not include the value within it.
• Value—Enter up to 255 characters to specify the object of the operator. For Extended Key Usage,
select one of the pre-defined values in the drop-down list, or you can enter OIDs for other
extensions. The pre-defined values include the following:

Selection         Key Usage Purpose         OID String
clientauth        Client Authentication     1.3.6.1.5.5.7.3.2
codesigning       Code Signing              1.3.6.1.5.5.7.3.3
emailprotection   Secure Email Protection   1.3.6.1.5.5.7.3.4
ocspsigning       OCSP Signing              1.3.6.1.5.5.7.3.9
serverauth        Server Authentication     1.3.6.1.5.5.7.3.1
timestamping      Time Stamping             1.3.6.1.5.5.7.3.8

Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple Context    Multiple System
•         —                •         —                   —
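
The Operator and Value semantics described on this page, as an added Python sketch (not Cisco code and not from this guide): it evaluates a criterion against constructed sample certificates and shows that Contains is a substring test, so OU Contains "Engineering" also matches "Non-Engineering Contractors". The function names, the sample DNs, literal case-sensitive comparison, and treating an absent component as an empty string are assumptions of the sketch.

```python
# Added illustration, not Cisco code: models the criterion semantics on this page.
# Predefined Extended Key Usage selections, copied from the table on this page.
EKU_OIDS = {
    "clientauth": "1.3.6.1.5.5.7.3.2",
    "codesigning": "1.3.6.1.5.5.7.3.3",
    "emailprotection": "1.3.6.1.5.5.7.3.4",
    "ocspsigning": "1.3.6.1.5.5.7.3.9",
    "serverauth": "1.3.6.1.5.5.7.3.1",
    "timestamping": "1.3.6.1.5.5.7.3.8",
}

def parse_dn(dn):
    """Parse 'OU=Eng,O=Example' into {'OU': 'Eng', 'O': 'Example'}.
    Assumption: one value per tag and no escaped commas."""
    pairs = (part.split("=", 1) for part in dn.split(",") if "=" in part)
    return {tag.strip().upper(): val.strip() for tag, val in pairs}

def dn_criterion(dn, component, operator, value):
    """Evaluate one Operator/Value test against a DN component.
    Assumptions: literal, case-sensitive comparison; absent component is ''."""
    if len(value) > 255:
        raise ValueError("Value is limited to 255 characters")
    field = parse_dn(dn).get(component.upper(), "")
    return {
        "Equals": field == value,
        "Contains": value in field,
        "Does Not Equal": field != value,
        "Does Not Contain": value not in field,
    }[operator]

def eku_criterion(cert_eku_oids, operator, value):
    """Test a certificate's EKU OID list; value is a predefined name or a raw OID."""
    oid = EKU_OIDS.get(value, value)
    present = oid in cert_eku_oids
    return {"Contains": present, "Does Not Contain": not present}[operator]

# Constructed sample certificates (subject DN, EKU OIDs); not from the guide.
CERTS = {
    "alice": ("CN=alice,OU=Engineering,O=Example", ["1.3.6.1.5.5.7.3.2"]),
    "bob": ("CN=bob,OU=Non-Engineering Contractors,O=Example", ["1.3.6.1.5.5.7.3.2"]),
    "web01": ("CN=web01,OU=Engineering,O=Example", ["1.3.6.1.5.5.7.3.1"]),
}

def matching(test):
    """Return the sorted names of sample certificates that satisfy test(dn, ekus)."""
    return sorted(name for name, (dn, ekus) in CERTS.items() if test(dn, ekus))
```

Pairing an Equals test on the OU with a clientauth EKU test narrows the constructed set to the single intended user certificate, which the Contains test alone does not.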