Cisco ASA Series CLI Configuration Guide
Appendix 1 Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Table 1-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)

| Attribute Name | VPN 3000 / ASA / PIX | Syntax/Type | Single or Multi-Value | Possible Values |
|---|---|---|---|---|
| IPsec-Authentication | Y Y Y | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP (authorization only); 3 = NT Domain; 4 = SDI (RSA); 5 = Internal; 6 = RADIUS with Expiry; 7 = Kerberos or Active Directory |
| IPsec-Auth-On-Rekey | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Backup-Server-List | Y Y Y | String | Single | Server addresses (space delimited) |
| IPsec-Backup-Servers | Y Y Y | String | Single | 1 = Use client-configured list; 2 = Disabled and clear client list; 3 = Use backup server list |
| IPsec-Client-Firewall-Filter-Name | Y | String | Single | Specifies the name of the filter to be pushed to the client as firewall policy. |
| IPsec-Client-Firewall-Filter-Optional | Y Y Y | Integer | Single | 0 = Required; 1 = Optional |
| IPsec-Default-Domain | Y Y Y | String | Single | Specifies the single default domain name to send to the client (1 - 255 characters). |
| IPsec-Extended-Auth-On-Rekey | Y Y | String | Single | String |
| IPsec-IKE-Peer-ID-Check | Y Y Y | Integer | Single | 1 = Required; 2 = If supported by peer certificate; 3 = Do not check |
| IPsec-IP-Compression | Y Y Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Mode-Config | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Over-UDP | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Over-UDP-Port | Y Y Y | Integer | Single | 4001 - 49151; The default is 10000. |
| IPsec-Required-Client-Firewall-Capability | Y Y Y | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server |
| IPsec-Sec-Association | Y | String | Single | Name of the security association |
| IPsec-Split-DNS-Names | Y Y Y | String | Single | Specifies the list of secondary domain names to send to the client (1 - 255 characters). |