B-11
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Required-Client-Firewall-
Product-Code
Y Y Y Integer Single Cisco Systems Products:
1 = Cisco Intrusion Prevention
Security Agent or Cisco
Integrated Client (CIC)
Zone Labs Products:
1 = Zone Alarm
2 = Zone AlarmPro
3 = Zone Labs Integrity
NetworkICE Product:
1 = BlackIce Defender/Agent
Sygate Products:
1 = Personal Firewall
2 = Personal Firewall Pro
3 = Security Agent
Require-HW-Client-Auth Y Y Y Boolean Single 0 = Disabled
1 = Enabled
Require-Individual-User-Auth Y Y Y Integer Single 0 = Disabled
1 = Enabled
Secondary-DNS Y Y Y String Single An IP address
Secondary-WINS Y Y Y String Single An IP address
SEP-Card-Assignment Integer Single Not used
Simultaneous-Logins Y Y Y Integer Single 0-2147483647
Strip-Realm Y Y Y Boolean Single 0 = Disabled
1 = Enabled
TACACS-Authtype Y Y Y Interger Single
TACACS-Privilege-Level Y Y Y Interger Single
Tunnel-Group-Lock Y Y String Single Name of the tunnel group or “none”
Tunneling-Protocols Y Y Y Integer Single 1 = PPTP
2 = L2TP
4 = IPSec
8 = L2TP/IPSec
16 = WebVPN.
8 and 4 are mutually exclusive
(0 - 11, 16 - 27 are legal values)
Use-Client-Address Y Boolean Single 0 = Disabled
1 = Enabled
User-Auth-Server-Name Y String Single IP address or hostname
User-Auth-Server-Port Y Integer Single Port number for server protocol
User-Auth-Server-Secret Y String Single Server password
WebVPN-ACL-Filters Y String Single Webtype Access-List name
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/ VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values
To Next Page
Loading...
