B-7
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Cisco-AV-Pair Y Y Y String Multi An octet string in the following
format:
[Prefix] [Action] [Protocol]
[Source] [Source Wildcard Mask]
[Destination] [Destination Wildcard
Mask] [Established] [Log]
[Operator] [Port]
For more information, see “Cisco
AV Pair Attribute Syntax.”
Cisco-IP-Phone-Bypass Y Y Y Integer Single 0 = Disabled
1 = Enabled
Cisco-LEAP-Bypass Y Y Y Integer Single 0 = Disabled
1 = Enabled
Client-Intercept-DHCP-
Configure-Msg
Y Y Y Boolean Single 0 = Disabled
1 = Enabled
Client-Type-Version-Limiting Y Y Y String Single IPSec VPN client version number
string
Confidence-Interval Y Y Y Integer Single 10 - 300 seconds
DHCP-Network-Scope Y Y Y String Single IP address
DN-Field Y Y Y String Single Possible values: UID, OU, O, CN,
L, SP, C, EA, T, N, GN, SN, I,
GENQ, DNQ, SER,
use-entire-name.
Firewall-ACL-In Y Y String Single Access list ID
Firewall-ACL-Out Y Y String Single Access list ID
Group-Policy Y Y String Single Sets the group policy for the remote
access VPN session. For version 8.2
and later, use this attribute instead of
IETF-Radius-Class. You can use
one of the three following formats:
• <group policy name>
• OU=<group policy name>
• OU=<group policy name>;
IE-Proxy-Bypass-Local Boolean Single 0=Disabled
1=Enabled
IE-Proxy-Exception-List String Single A list of DNS domains. Entries must
be separated by the new line
character sequence (\n).
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/ VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values
To Next Page
Loading...
