Cisco ASA 5505 User Manual

C-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Group-Policy

Y

Y

String

Single

Sets the group policy for the remote
access VPN session. For version 8.2
and later, use this attribute instead of
IETF-Radius-Class. You can use
one of the three following formats:

•

group policy name

•

OU=group policy name

•

OU=group policy name:

IE-Proxy-Bypass-Local

Boolean Single

0=Disabled
1=Enabled

IE-Proxy-Exception-List

String

Single

A list of DNS domains. Entries must
be separated by the new line
character sequence (\n).

IE-Proxy-Method

Y

Y

Y

Integer

Single

1 = Do not modify proxy settings
2 = Do not use proxy
3 = Auto detect
4 = Use ASA setting

IE-Proxy-Server

Y

Y

Y

Integer

Single

IP address

IETF-Radius-Class

Y

Y

Y

Single

Sets the group policy for the remote
access VPN session. For versions
8.2 and later, we recommend that
you use the Group-Policy attribute.
You can use one of the three
following formats:

•

group policy name

•

OU=group policy name

•

OU=group policy name:

IETF-Radius-Filter-Id

Y

Y

Y

String

Single

Access list name that is defined on
the ASA. The setting applies to
VPN remote access IPsec and SSL
VPN clients.

IETF-Radius-Framed-IP-Address

Y

Y

Y

String

Single

An IP address. The setting applies to
VPN remote access IPsec and SSL
VPN clients.

IETF-Radius-Framed-IP-Netmask

Y

Y

Y

String

Single

An IP address mask. The setting
applies to VPN remote access IPsec
and SSL VPN clients.

IETF-Radius-Idle-Timeout

Y

Y

Y

Integer

Single

Seconds

Table C-2

ASA Supported Cisco Attributes for LDAP Authorization (continued)

Attribute Name

VPN 3000

ASA

PIX

Syntax/
Type

Single or
Multi-Valued

Possible Values