Asa ietf radius authorization attributes – Cisco ASA 5505 User Manual

C-36

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External RADIUS Server

ASA IETF RADIUS Authorization Attributes

Table C-8

lists the supported IETF RADIUS attributes.

IPv6-VPN-Filter

Y

219

String

Single

ACL value

Privilege-Level

Y

Y

220

Integer

Single

An integer between 0 and 15.

WebVPN-Macro-Value1

Y

223

String

Single

Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:

http://supportwiki.cisco.com/Vi
ewWiki/index.php/Cisco_ASA
_5500_SSL_VPN_Deployment
_Guide%2C_Version_8.x

WebVPN-Macro-Value2

Y

224

String

Single

Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:

http://supportwiki.cisco.com/Vi
ewWiki/index.php/Cisco_ASA
_5500_SSL_VPN_Deployment
_Guide%2C_Version_8.x

Table C-7

ASA Supported RADIUS Attributes and Values (continued)

Attribute Name

VPN
3000

ASA

PIX

Attr.
No.

Syntax/
Type

Single
or
Multi-
Valued

Description or Value

Table C-8

ASA Supported IETF RADIUS Attributes and Values

Attribute Name

VPN
3000

ASA

PIX

Attr.
No.

Syntax/
Type

Single or
Multi-
Valued

Description or Value

IETF-Radius-Class

Y

Y

Y

25

Single

For Versions 8.2.x and later, we
recommend that you use the
Group-Policy attribute (VSA 3076,
#25) as described in

Table C-7

:

•

group policy name

•

OU=group policy name

•

OU=group policy name

IETF-Radius-Filter-Id

Y

Y

Y

11

String

Single

Access list name that is defined on the
ASA, which applies only to full
tunnel IPsec and SSL VPN clients

IETF-Radius-Framed-IP-Address

Y

Y

Y

n/a

String

Single

An IP address

IETF-Radius-Framed-IP-Netmask

Y

Y

Y

n/a

String

Single

An IP address mask

IETF-Radius-Idle-Timeout

Y

Y

Y

28

Integer

Single

Seconds