E-10
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix E Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Table E-2 Security Appliance Supported LDAP Cisco Schema Attributes (continued)

| Attribute Name/OID (Object Identifier) | VPN 3000 | ASA | PIX | Attr. OID¹ | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|---|---|---|
| cVPN3000-IPSec-Client-Firewall-Filter-Name | Y | | | 40 | String | Single | Specifies the name of the filter to be pushed to the client as firewall policy. |
| cVPN3000-IPSec-Client-Firewall-Filter-Optional | Y | Y | Y | 41 | Integer | Single | 0 = Required; 1 = Optional |
| cVPN3000-IPSec-Backup-Servers | Y | Y | Y | 42 | String | Single | 1 = Use Client-Configured list; 2 = Disabled and clear client list; 3 = Use Backup Server list |
| cVPN3000-IPSec-Backup-Server-List | Y | Y | Y | 43 | String | Single | Server Addresses (space delimited) |
| cVPN3000-Client-Intercept-DHCP-Configure-Msg | Y | Y | Y | 44 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| cVPN3000-MS-Client-Subnet-Mask | Y | Y | Y | 45 | String | Single | An IP address |
| cVPN3000-Allow-Network-Extension-Mode | Y | Y | Y | 46 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| cVPN3000-Strip-Realm | Y | Y | Y | 47 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| cVPN3000-Cisco-AV-Pair | Y | Y | Y | 48 | String | Multi | An octet string in the following format: [Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard Mask] [Established] [Log] [Operator] [Port]. For more information, see "Cisco-AV-Pair Attribute Syntax." |
| cVPN3000-User-Auth-Server-Name | Y | | | 49 | String | Single | IP address or hostname |
| cVPN3000-User-Auth-Server-Port | Y | | | 50 | Integer | Single | Port number for server protocol |
| cVPN3000-User-Auth-Server-Secret | Y | | | 51 | String | Single | Server password |
| cVPN3000-Confidence-Interval | Y | Y | Y | 52 | Integer | Single | 10 - 300 seconds |
| cVPN3000-Cisco-LEAP-Bypass | Y | Y | Y | 53 | Integer | Single | 0 = Disabled; 1 = Enabled |
| cVPN3000-DHCP-Network-Scope | Y | Y | Y | 54 | String | Single | IP address |