Cisco ASA 5505 User Manual
Page 1905
C-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Group-Policy
Y
Y
String
Single
Sets the group policy for the remote
access VPN session. For version 8.2
and later, use this attribute instead of
IETF-Radius-Class. You can use
one of the three following formats:
•
group policy name
•
OU=group policy name
•
OU=group policy name:
IE-Proxy-Bypass-Local
Boolean Single
0=Disabled
1=Enabled
IE-Proxy-Exception-List
String
Single
A list of DNS domains. Entries must
be separated by the new line
character sequence (\n).
IE-Proxy-Method
Y
Y
Y
Integer
Single
1 = Do not modify proxy settings
2 = Do not use proxy
3 = Auto detect
4 = Use ASA setting
IE-Proxy-Server
Y
Y
Y
Integer
Single
IP address
IETF-Radius-Class
Y
Y
Y
Single
Sets the group policy for the remote
access VPN session. For versions
8.2 and later, we recommend that
you use the Group-Policy attribute.
You can use one of the three
following formats:
•
group policy name
•
OU=group policy name
•
OU=group policy name:
IETF-Radius-Filter-Id
Y
Y
Y
String
Single
Access list name that is defined on
the ASA. The setting applies to
VPN remote access IPsec and SSL
VPN clients.
IETF-Radius-Framed-IP-Address
Y
Y
Y
String
Single
An IP address. The setting applies to
VPN remote access IPsec and SSL
VPN clients.
IETF-Radius-Framed-IP-Netmask
Y
Y
Y
String
Single
An IP address mask. The setting
applies to VPN remote access IPsec
and SSL VPN clients.
IETF-Radius-Idle-Timeout
Y
Y
Y
Integer
Single
Seconds
Table C-2
ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name
VPN 3000
ASA
PIX
Syntax/
Type
Single or
Multi-Valued
Possible Values