Es (see, Table c-2 – Cisco ASA 5505 User Manual

C-6

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Table C-2

ASA Supported Cisco Attributes for LDAP Authorization

Attribute Name

VPN 3000

ASA

PIX

Syntax/
Type

Single or
Multi-Valued

Possible Values

Access-Hours

Y

Y

Y

String

Single

Name of the time-range
(for example, Business-Hours)

Allow-Network-Extension- Mode

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

Authenticated-User-Idle- Timeout

Y

Y

Y

Integer

Single

1 - 35791394 minutes

Authorization-Required

Y

Integer

Single

0 = No
1 = Yes

Authorization-Type

Y

Integer

Single

0 = None
1 = RADIUS
2 = LDAP

Banner1

Y

Y

Y

String

Single

Banner string for clientless and
client SSL VPN, and IPsec clients.

Banner2

Y

Y

Y

String

Single

Banner string for clientless and
client SSL VPN, and IPsec clients.

Cisco-AV-Pair

Y

Y

Y

String

Multi

An octet string in the following
format:

[Prefix] [Action] [Protocol]
[Source] [Source Wildcard Mask]
[Destination] [Destination Wildcard
Mask] [Established] [Log]
[Operator] [Port]

For more information, see the

“Cisco AV Pair Attribute Syntax”
section on page C-13

.”

Cisco-IP-Phone-Bypass

Y

Y

Y

Integer

Single

0 = Disabled
1 = Enabled

Cisco-LEAP-Bypass

Y

Y

Y

Integer

Single

0 = Disabled
1 = Enabled

Client-Intercept-DHCP-
Configure-Msg

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

Client-Type-Version-Limiting

Y

Y

Y

String

Single

IPsec VPN client version number
string

Confidence-Interval

Y

Y

Y

Integer

Single

10 - 300 seconds

DHCP-Network-Scope

Y

Y

Y

String

Single

IP address

DN-Field

Y

Y

Y

String

Single

Possible values: UID, OU, O, CN,
L, SP, C, EA, T, N, GN, SN, I,
GENQ, DNQ, SER, and
use-entire-name.

Firewall-ACL-In

Y

Y

String

Single

Access list ID

Firewall-ACL-Out

Y

Y

String

Single

Access list ID