Cisco ASA 5505 User Manual

C-8

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

IETF-Radius-Service-Type

Y

Y

Y

Integer

Single

1 = Login
2 = Framed
5 = Remote access
6 = Administrative
7 = NAS prompt

IETF-Radius-Session-Timeout

Y

Y

Y

Integer

Single

Seconds

IKE-Keep-Alives

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

IPsec-Allow-Passwd-Store

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

IPsec-Authentication

Y

Y

Y

Integer

Single

0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI (RSA)
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos or Active Directory

IPsec-Auth-On-Rekey

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

IPsec-Backup-Server-List

Y

Y

Y

String

Single

Server addresses (space delimited)

IPsec-Backup-Servers

Y

Y

Y

String

Single

1 = Use client-configured list
2 = Disabled and clear client list
3 = Use backup server list

IPsec-Client-Firewall-Filter- Name

Y

String

Single

Specifies the name of the filter to be
pushed to the client as firewall
policy.

IPsec-Client-Firewall-Filter-
Optional

Y

Y

Y

Integer

Single

0 = Required
1 = Optional

IPsec-Default-Domain

Y

Y

Y

String

Single

Specifies the single default domain
name to send to the client (1 - 255
characters).

IPsec-Extended-Auth-On-Rekey

Y

Y

String

Single

String

IPsec-IKE-Peer-ID-Check

Y

Y

Y

Integer

Single

1 = Required
2 = If supported by peer certificate
3 = Do not check

IPsec-IP-Compression

Y

Y

Y

Integer

Single

0 = Disabled
1 = Enabled

IPsec-Mode-Config

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

IPsec-Over-UDP

Y

Y

Y

Boolean Single

0 = Disabled
1 = Enabled

Table C-2

ASA Supported Cisco Attributes for LDAP Authorization (continued)

Attribute Name

VPN 3000

ASA

PIX

Syntax/
Type

Single or
Multi-Valued

Possible Values