Using an ldap server – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Connection Profile Attributes for Clientless SSL VPN

For example, to assign a clientless SSL VPN user to the SSL_VPN group, set the RADIUS Class
Attribute to a value of OU=SSL_VPN; (Do not omit the semicolon.)

Using an LDAP Server

When using an LDAP server to authenticate users, assign users to group policies by following these steps:

Step 1  Authenticate the user with LDAP and use the Group Policy attribute to assign that user to a particular group policy.

Step 2  Set the Group Policy attribute to the group policy name in one of these formats:

    <group policy name>
    OU=<group policy name>
    OU=<group policy name>;

For example, to assign a clientless SSL VPN user to the SSL_VPN group, set the LDAP Group Policy
Attribute to a value of SSL_VPN, OU=SSL_VPN, or OU=SSL_VPN;.
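
The following is an added example, not part of the Cisco guide: a pre-deployment check that parses attribute values in the formats listed above and flags users whose value is malformed or names a group policy that is not configured. The function names, the sample records, and the strict matching (exact "OU=" prefix, no surrounding whitespace) are assumptions of this example.

```python
def policy_from_attribute(value, source):
    """Return the group policy name carried in value, or None if the
    value is not in a format the page lists for that source."""
    if source == "radius":
        # Page example: OU=SSL_VPN; (the semicolon must not be omitted)
        if not (value.startswith("OU=") and value.endswith(";")):
            return None
        name = value[3:-1]
    elif source == "ldap":
        # Page formats: <name>, OU=<name>, OU=<name>;
        if value.startswith("OU="):
            name = value[3:]
            if name.endswith(";"):
                name = name[:-1]
        else:
            name = value
    else:
        raise ValueError("source must be 'radius' or 'ldap'")
    # A leftover '=' or ';' means the value was not one of the listed
    # forms (for example a full DN or a doubled semicolon).
    if not name or "=" in name or ";" in name:
        return None
    return name


def audit(records, configured_policies):
    """Return (user, problem, detail) for every record that would not
    resolve to a configured group policy."""
    findings = []
    for user, source, value in records:
        name = policy_from_attribute(value, source)
        if name is None:
            findings.append((user, "bad-format", value))
        elif name not in configured_policies:
            findings.append((user, "unknown-policy", name))
    return findings


# Constructed sample data (not from the guide).
CONFIGURED = {"SSL_VPN"}
SAMPLE = [
    ("alice", "ldap", "SSL_VPN"),
    ("bob", "ldap", "OU=SSL_VPN;"),
    ("carol", "radius", "OU=SSL_VPN"),      # semicolon omitted
    ("dave", "ldap", "OU=SSLVPN"),          # misspelled policy name
    ("erin", "ldap", "CN=erin,OU=SSL_VPN,DC=example,DC=com"),  # full DN
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, CONFIGURED):
        print(finding)
```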

Configuring Connection Profile Attributes for Clientless SSL VPN

Table 74-2 provides a list of connection profile attributes that are specific to clientless SSL VPN. In addition to these attributes, you configure general connection profile attributes common to all VPN connections. For step-by-step information on configuring connection profiles, see Chapter 67, “Configuring Connection Profiles, Group Policies, and Users.”

Note

In earlier releases, “connection profiles” were known as “tunnel groups.” You configure a connection
profile with tunnel-group commands. This chapter often uses these terms interchangeably.

Table 74-2  Connection Profile Attributes for Clientless SSL VPN

Command         Function
authentication  Sets the authentication method.
customization   Identifies the name of a previously defined customization to apply.
nbns-server     Identifies the name of the NetBIOS Name Service server (nbns-server) to use for CIFS name resolution.
group-alias     Specifies the alternate names by which the server can refer to a connection profile.
group-url       Identifies one or more group URLs. If you configure this attribute, users coming in on a specified URL need not select a group at login.
