Cisco ASA 5505 User Manual

C-31

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External RADIUS Server

Required-Client-Firewall-Product-Code

Y

Y

Y

46

Integer

Single

Cisco Systems Products:

1 = Cisco Intrusion Prevention
Security Agent or Cisco
Integrated Client (CIC)

Zone Labs Products:
1 = Zone Alarm
2 = Zone AlarmPro
3 = Zone Labs Integrity

NetworkICE Product:
1 = BlackIce Defender/Agent

Sygate Products:
1 = Personal Firewall
2 = Personal Firewall Pro
3 = Security Agent

Required-Client-Firewall-Description

Y

Y

Y

47

String

Single

String

Require-HW-Client-Auth

Y

Y

Y

48

Boolean Single

0 = Disabled
1 = Enabled

Required-Individual-User-Auth

Y

Y

Y

49

Integer

Single

0 = Disabled
1 = Enabled

Authenticated-User-Idle-Timeout

Y

Y

Y

50

Integer

Single

1-35791394 minutes

Cisco-IP-Phone-Bypass

Y

Y

Y

51

Integer

Single

0 = Disabled
1 = Enabled

IPsec-Split-Tunneling-Policy

Y

Y

Y

55

Integer

Single

0 = No split tunneling
1 = Split tunneling
2 = Local LAN permitted

IPsec-Required-Client-Firewall-Capability

Y

Y

Y

56

Integer

Single

0 = None
1 = Policy defined by remote
FW Are-You-There (AYT)
2 = Policy pushed CPP
4 = Policy from server

IPsec-Client-Firewall-Filter-Name

Y

57

String

Single

Specifies the name of the filter
to be pushed to the client as
firewall policy

IPsec-Client-Firewall-Filter-Optional

Y

Y

Y

58

Integer

Single

0 = Required
1 = Optional

IPsec-Backup-Servers

Y

Y

Y

59

String

Single

1 = Use Client-Configured list
2 = Disable and clear client list
3 = Use Backup Server list

IPsec-Backup-Server-List

Y

Y

Y

60

String

Single

Server Addresses (space
delimited)

Table C-7

ASA Supported RADIUS Attributes and Values (continued)

Attribute Name

VPN
3000

ASA

PIX

Attr.
No.

Syntax/
Type

Single
or
Multi-
Valued

Description or Value