Cisco ASA 5505 User Manual

Page 1907


Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Table C-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)

| Attribute Name | VPN 3000 / ASA / PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|
| IPsec-Over-UDP-Port | Y Y Y | Integer | Single | 4001 - 49151; The default is 10000. |
| IPsec-Required-Client-Firewall-Capability | Y Y Y | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server |
| IPsec-Sec-Association | Y | String | Single | Name of the security association |
| IPsec-Split-DNS-Names | Y Y Y | String | Single | Specifies the list of secondary domain names to send to the client (1 - 255 characters). |
| IPsec-Split-Tunneling-Policy | Y Y Y | Integer | Single | 0 = Tunnel everything; 1 = Split tunneling; 2 = Local LAN permitted |
| IPsec-Split-Tunnel-List | Y Y Y | String | Single | Specifies the name of the network or access list that describes the split tunnel inclusion list. |
| IPsec-Tunnel-Type | Y Y Y | Integer | Single | 1 = LAN-to-LAN; 2 = Remote access |
| IPsec-User-Group-Lock | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| L2TP-Encryption | Y | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Req; 15 = 40/128-Encr/Stateless-Req |
| L2TP-MPPC-Compression | Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| MS-Client-Subnet-Mask | Y Y Y | String | Single | An IP address |
| PFS-Required | Y Y Y | Boolean | Single | 0 = No; 1 = Yes |
| Port-Forwarding-Name | Y Y | String | Single | Name string (for example, “Corporate-Apps”) |
| PPTP-Encryption | Y | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Required. Example: 15 = 40/128-Encr/Stateless-Req |
| PPTP-MPPC-Compression | Y | Integer | Single | 0 = Disabled; 1 = Enabled |
