1-9
Cisco ASA Series CLI Configuration Guide
Appendix 1 Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
IPsec-Split-Tunneling-Policy Y Y Y Integer Single 0 = Tunnel everything
1 = Split tunneling
2 = Local LAN permitted
IPsec-Split-Tunnel-List Y Y Y String Single Specifies the name of the network or
access list that describes the split
tunnel inclusion list.
IPsec-Tunnel-Type Y Y Y Integer Single 1 = LAN-to-LAN
2 = Remote access
L2TP-Encryption Y Integer Single Bitmap:
1 = Encryption required
2 = 40 bit
4 = 128 bits
8 = Stateless-Req
15 = 40/128-Encr/Stateless-Req
L2TP-MPPC-Compression Y Integer Single 0 = Disabled
1 = Enabled
MS-Client-Subnet-Mask Y Y Y String Single An IP address
PFS-Required Y Y Y Boolean Single 0 = No
1 = Yes
Port-Forwarding-Name Y Y String Single Name string (for example,
“Corporate-Apps”)
PPTP-Encryption Y Integer Single Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Required
Example:
15 = 40/128-Encr/Stateless-Req
PPTP-MPPC-Compression Y Integer Single 0 = Disabled
1 = Enabled
Primary-DNS Y Y Y String Single An IP address
Primary-WINS Y Y Y String Single An IP address
Privilege-Level Integer Single For usernames, 0 - 15
Required-Client-
Firewall-Vendor-Code
Y Y Y Integer Single 1 = Cisco Systems (with Cisco
Integrated Client)
2 = Zone Labs
3 = NetworkICE
4 = Sygate
5 = Cisco Systems (with Cisco
Intrusion Prevention Security
Agent)
Table 1-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name
VPN
3000 ASA PIX
Syntax/
Type
Single or
Multi-Value
dPossible Values
To Next Page
Loading...
