Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
The following URL types are supported.

any (All URLs)
https://
post://
ssh://
cifs://
ica://
rdp://
telnet://
citrix://
imap4://
rdp2://
vnc://
citrixs://
ftp://
smart-tunnel://
http://
pop3://
smtp://

Note: The URLs listed in this table appear in CLI or ASDM menus based on whether or not the associated plug-in is enabled.

Guidelines for Using Cisco-AV Pairs (ACLs)

• Use Cisco-AV pair entries with the ip:inacl# prefix to enforce access lists for remote IPsec and SSL VPN Client (SVC) tunnels.
• Use Cisco-AV pair entries with the webvpn:inacl# prefix to enforce access lists for SSL VPN clientless (browser-mode) tunnels.
• For webtype ACLs, you do not specify the source because the ASA is the source.

Table C-5 lists the tokens for the Cisco-AV-pair attribute:
Table C-5 ASA-Supported Tokens

| Token | Syntax Field | Description |
|---|---|---|
| ip:inacl#Num= | N/A (Identifier) | (Where Num is a unique integer.) Starts all AV pair access control lists. Enforces access lists for remote IPsec and SSL VPN (SVC) tunnels. |
| webvpn:inacl#Num= | N/A (Identifier) | (Where Num is a unique integer.) Starts all clientless SSL AV pair access control lists. Enforces access lists for clientless (browser-mode) tunnels. |
| deny | Action | Denies action. (Default) |
| permit | Action | Allows action. |
| icmp | Protocol | Internet Control Message Protocol (ICMP) |
| 1 | Protocol | Internet Control Message Protocol (ICMP) |
| IP | Protocol | Internet Protocol (IP) |
| 0 | Protocol | Internet Protocol (IP) |
| TCP | Protocol | Transmission Control Protocol (TCP) |
| 6 | Protocol | Transmission Control Protocol (TCP) |
| UDP | Protocol | User Datagram Protocol (UDP) |
| 17 | Protocol | User Datagram Protocol (UDP) |
| any | Hostname | Rule applies to any host. |
| host | Hostname | Any alpha-numeric string that denotes a hostname. |
| log | Log | When the event occurs, a filter log message appears. (Same as permit and log or deny and log.) |
| lt | Operator | Less than value |
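
As an added example (not from the Cisco guide), the following Python lint checks Cisco-AV-pair values against the identifiers, actions, protocols and URL types listed on this page before the values are stored in the LDAP directory. The sample entries are constructed; the `url` keyword in the webvpn samples and the reading of "unique" Num as unique per prefix are assumptions.

```python
import re

# Token sets copied from this page (Table C-5 and the supported URL types).
ACTIONS = {"permit", "deny"}
PROTOCOLS = {"icmp", "1", "ip", "0", "tcp", "6", "udp", "17"}
URL_SCHEMES = {"https", "post", "ssh", "cifs", "ica", "rdp", "telnet", "citrix",
               "imap4", "rdp2", "vnc", "citrixs", "ftp", "smart-tunnel", "http",
               "pop3", "smtp"}
IDENTIFIER = re.compile(r"^(ip|webvpn):inacl#(\d+)=(.*)$")


def lint_av_pairs(values):
    """Return a list of (index, message) findings for Cisco-AV-pair strings."""
    findings, seen = [], set()
    for i, raw in enumerate(values):
        m = IDENTIFIER.match(raw.strip())
        if not m:
            findings.append((i, "no ip:inacl#Num= or webvpn:inacl#Num= identifier"))
            continue
        kind, num, tokens = m.group(1), int(m.group(2)), m.group(3).split()
        # Assumption: Num must be unique among entries with the same prefix.
        if (kind, num) in seen:
            findings.append((i, f"Num {num} reused for {kind}:inacl"))
        seen.add((kind, num))
        if not tokens or tokens[0].lower() not in ACTIONS:
            findings.append((i, "first token after '=' must be permit or deny"))
            continue
        if kind == "ip":
            if len(tokens) < 2 or tokens[1].lower() not in PROTOCOLS:
                findings.append((i, "protocol is not one listed in Table C-5"))
            if any("://" in t for t in tokens):
                findings.append((i, "URL rule under ip:inacl; use webvpn:inacl"))
        else:
            for t in tokens:
                if "://" in t and t.split("://", 1)[0].lower() not in URL_SCHEMES:
                    findings.append((i, f"unsupported URL type in {t}"))
    return findings


# Constructed sample values, as they might be stored in an LDAP attribute.
SAMPLE = [
    "ip:inacl#1=permit tcp any host fileserver1 log",
    "ip:inacl#1=deny ip any any",                        # Num reused
    "ip:inacl#2=allow udp any any",                      # action not in table
    "ip:inacl#3=permit gre any any",                     # protocol not in table
    "webvpn:inacl#1=permit url https://intranet.example.com",
    "webvpn:inacl#2=deny url gopher://old.example.com",  # unsupported URL type
    "inacl#4=permit ip any any",                         # identifier prefix missing
]
```

Calling `lint_av_pairs(SAMPLE)` flags entries 1, 2, 3, 5 and 6; the allow-lists contain only what this page lists, so extend them if your ASA release documents more tokens.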