Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Table C-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)

| Attribute Name | VPN 3000 | ASA | PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|---|---|
| Primary-DNS | Y | Y | Y | String | Single | An IP address |
| Primary-WINS | Y | Y | Y | String | Single | An IP address |
| Privilege-Level | | | | Integer | Single | For usernames, 0 - 15 |
| Required-Client-Firewall-Vendor-Code | Y | Y | Y | Integer | Single | 1 = Cisco Systems (with Cisco Integrated Client); 2 = Zone Labs; 3 = NetworkICE; 4 = Sygate; 5 = Cisco Systems (with Cisco Intrusion Prevention Security Agent) |
| Required-Client-Firewall-Description | Y | Y | Y | String | Single | |
| Required-Client-Firewall-Product-Code | Y | Y | Y | Integer | Single | Cisco Systems Products: 1 = Cisco Intrusion Prevention Security Agent or Cisco Integrated Client (CIC). Zone Labs Products: 1 = Zone Alarm; 2 = Zone AlarmPro; 3 = Zone Labs Integrity. NetworkICE Product: 1 = BlackIce Defender/Agent. Sygate Products: 1 = Personal Firewall; 2 = Personal Firewall Pro; 3 = Security Agent |
| Require-HW-Client-Auth | Y | Y | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Require-Individual-User-Auth | Y | Y | Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| Secondary-DNS | Y | Y | Y | String | Single | An IP address |
| Secondary-WINS | Y | Y | Y | String | Single | An IP address |
| SEP-Card-Assignment | | | | Integer | Single | Not used |
| Simultaneous-Logins | Y | Y | Y | Integer | Single | 0 - 2147483647 |
| Strip-Realm | Y | Y | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| TACACS-Authtype | Y | Y | Y | Integer | Single | |
| TACACS-Privilege-Level | Y | Y | Y | Integer | Single | |
| Tunnel-Group-Lock | | Y | Y | String | Single | Name of the tunnel group or "none" |
