B-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
IE-Proxy-Method Y Y Y Integer Single 1 = Do not modify proxy settings
2 = Do not use proxy
3 = Auto detect
4 = Use adaptive security appliance
setting
IE-Proxy-Server Y Y Y Integer Single IP Address
IETF-Radius-Class Y Y Y Single Sets the group policy for the remote
access VPN session. For version 8.2
and later, we recommend that you
use the Group-Policy attribute. You
can use one of the three following
formats:
• <group policy name>
• OU=<group policy name>
• OU=<group policy name>;
IETF-Radius-Filter-Id Y Y Y String Single access list name that is defined on
the adaptive security appliance
IETF-Radius-Framed-IP-Address Y Y Y String Single An IP address
IETF-Radius-Framed-IP-Netmask Y Y Y String Single An IP address mask
IETF-Radius-Idle-Timeout Y Y Y Integer Single seconds
IETF-Radius-Service-Type Y Y Y Integer Single 1 = Login
2 = Framed
6 = Administrative
7 = NAS Prompt
IETF-Radius-Session-Timeout Y Y Y Integer Single seconds
IKE-Keep-Alives Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPSec-Allow-Passwd-Store Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPSec-Authentication Y Y Y Integer Single 0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI (RSA)
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos/Active Directory
IPSec-Auth-On-Rekey Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPSec-Backup-Server-List Y Y Y String Single Server Addresses (space delimited)
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/ VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values
To Next Page
Loading...
