Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Defining the Security Appliance LDAP Configuration
This section describes how to define the LDAP AV-pair attribute syntax. It includes the following topics:
• Supported Cisco Attributes for LDAP Authorization
• Cisco AV Pair Attribute Syntax
• Cisco AV Pairs ACL Examples
Note: The adaptive security appliance enforces the LDAP attributes based on attribute name, not numeric ID.
RADIUS attributes, on the other hand, are enforced by numeric ID, not by name.
Authorization refers to the process of enforcing permissions or attributes. An LDAP server defined as
an authentication or authorization server will enforce permissions or attributes if they are configured.
For software Version 7.0, LDAP attributes include the cVPN3000 prefix. For Version 7.1 and later, this
prefix was removed.
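The following added example (not Cisco code) lints a directory entry against the first rows of Table B-2, listed in the next subsection, before the entry is used for authorization. The hyphenated prefix form `cVPN3000-`, the `lint_entry` function, exact-match name comparison, and the sample entry are assumptions made for illustration.

```python
# Added example, not Cisco code. Rows transcribed from the Table B-2 excerpt:
# name -> (syntax, allowed integer values, or None for a free-form string)
TABLE_B2 = {
    "Access-Hours": ("String", None),
    "Allow-Network-Extension-Mode": ("Boolean", range(0, 2)),
    "Authenticated-User-Idle-Timeout": ("Integer", range(1, 35791394 + 1)),
    "Authorization-Required": ("Integer", range(0, 2)),
    "Authorization-Type": ("Integer", range(0, 3)),
    "Banner1": ("String", None),
    "Banner2": ("String", None),
}
PREFIX = "cVPN3000-"  # assumption: hyphenated form; the page only names "cVPN3000"


def lint_entry(entry, prefixed=False):
    """Lint {attribute name: [string values]}; prefixed=True models Version 7.0 naming."""
    findings = []
    for name, values in entry.items():
        has_prefix = name.startswith(PREFIX)
        base = name[len(PREFIX):] if has_prefix else name
        if base not in TABLE_B2:  # exact name match is this example's choice
            findings.append(f"{name}: not among the Table B-2 rows listed here")
            continue
        if has_prefix != prefixed:
            findings.append(f"{name}: prefix does not fit the software version")
        syntax, allowed = TABLE_B2[base]
        if len(values) != 1:  # every row listed here is single-valued
            findings.append(f"{name}: single-valued, got {len(values)} values")
        elif allowed is None:
            if not values[0].strip():
                findings.append(f"{name}: empty string")
        elif not (values[0].isascii() and values[0].isdigit()
                  and int(values[0]) in allowed):
            findings.append(f"{name}: {values[0]!r} outside {syntax} range "
                            f"{allowed.start}-{allowed.stop - 1}")
    return findings


SAMPLE = {  # constructed directory entry, not from the page
    "Access-Hours": ["Business-Hours"],
    "Authenticated-User-Idle-Timeout": ["0"],
    "Allow-Network-Extension-Mode": ["1", "0"],
    "cVPN3000-Banner1": ["Authorized users only"],
    "Acces-Hours": ["Business-Hours"],
}

if __name__ == "__main__":
    print("\n".join(lint_entry(SAMPLE)))
```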
Supported Cisco Attributes for LDAP Authorization
This section provides a complete list of attributes (Table B-2) for the ASA 5500, VPN 3000, and PIX
500 series adaptive security appliances. The table includes attribute support information for the VPN
3000 and PIX 500 series to assist you in configuring networks with a mixture of these adaptive security
appliances.
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization

| Attribute Name | VPN 3000 | ASA | PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|---|---|
| Access-Hours | Y | Y | Y | String | Single | Name of the time-range (for example, Business-Hours) |
| Allow-Network-Extension-Mode | Y | Y | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Authenticated-User-Idle-Timeout | Y | Y | Y | Integer | Single | 1 - 35791394 minutes |
| Authorization-Required | Y | | | Integer | Single | 0 = No; 1 = Yes |
| Authorization-Type | Y | | | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP |
| Banner1 | Y | Y | Y | String | Single | Banner string for clientless and client SSL VPN, and IPSec clients. |
| Banner2 | Y | Y | Y | String | Single | Banner string for clientless and client SSL VPN, and IPSec clients. |