Cisco ASA 5505 User Manual

C-29

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External RADIUS Server

Use-Client-Address

Y

17

Boolean Single

0 = Disabled
1 = Enabled

PPTP-Encryption

Y

20

Integer

Single

Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Required
15= 40/128-Encr/Stateless-Req

L2TP-Encryption

Y

21

Integer

Single

Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Req
15= 40/128-Encr/Stateless-Req

Group-Policy

Y

Y

25

String

Single

Sets the group policy for the
remote access VPN session. For
versions 8.2 and later, use this
attribute instead of
IETF-Radius-Class. You can
use one of the three following
formats:

•

group policy name

•

OU=group policy name

•

OU=group policy name;

IPsec-Split-Tunnel-List

Y

Y

Y

27

String

Single

Specifies the name of the
network/access list that
describes the split tunnel
inclusion list.

IPsec-Default-Domain

Y

Y

Y

28

String

Single

Specifies the single default
domain name to send to the
client (1-255 characters).

IPsec-Split-DNS-Names

Y

Y

Y

29

String

Single

Specifies the list of secondary
domain names to send to the
client (1-255 characters).

IPsec-Tunnel-Type

Y

Y

Y

30

Integer

Single

1 = LAN-to-LAN
2 = Remote access

IPsec-Mode-Config

Y

Y

Y

31

Boolean Single

0 = Disabled
1 = Enabled

IPsec-User-Group-Lock

Y

33

Boolean Single

0 = Disabled
1 = Enabled

Table C-7

ASA Supported RADIUS Attributes and Values (continued)

Attribute Name

VPN
3000

ASA

PIX

Attr.
No.

Syntax/
Type

Single
or
Multi-
Valued

Description or Value