Cisco ASA 5505 User Manual
Page 1906
C-8
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
IETF-Radius-Service-Type
Y
Y
Y
Integer
Single
1 = Login
2 = Framed
5 = Remote access
6 = Administrative
7 = NAS prompt
IETF-Radius-Session-Timeout
Y
Y
Y
Integer
Single
Seconds
IKE-Keep-Alives
Y
Y
Y
Boolean Single
0 = Disabled
1 = Enabled
IPsec-Allow-Passwd-Store
Y
Y
Y
Boolean Single
0 = Disabled
1 = Enabled
IPsec-Authentication
Y
Y
Y
Integer
Single
0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI (RSA)
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos or Active Directory
IPsec-Auth-On-Rekey
Y
Y
Y
Boolean Single
0 = Disabled
1 = Enabled
IPsec-Backup-Server-List
Y
Y
Y
String
Single
Server addresses (space delimited)
IPsec-Backup-Servers
Y
Y
Y
String
Single
1 = Use client-configured list
2 = Disabled and clear client list
3 = Use backup server list
IPsec-Client-Firewall-Filter- Name
Y
String
Single
Specifies the name of the filter to be
pushed to the client as firewall
policy.
IPsec-Client-Firewall-Filter-
Optional
Y
Y
Y
Integer
Single
0 = Required
1 = Optional
IPsec-Default-Domain
Y
Y
Y
String
Single
Specifies the single default domain
name to send to the client (1 - 255
characters).
IPsec-Extended-Auth-On-Rekey
Y
Y
String
Single
String
IPsec-IKE-Peer-ID-Check
Y
Y
Y
Integer
Single
1 = Required
2 = If supported by peer certificate
3 = Do not check
IPsec-IP-Compression
Y
Y
Y
Integer
Single
0 = Disabled
1 = Enabled
IPsec-Mode-Config
Y
Y
Y
Boolean Single
0 = Disabled
1 = Enabled
IPsec-Over-UDP
Y
Y
Y
Boolean Single
0 = Disabled
1 = Enabled
Table C-2
ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name
VPN 3000
ASA
PIX
Syntax/
Type
Single or
Multi-Valued
Possible Values