Table C-2 – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Table C-2 ASA Supported Cisco Attributes for LDAP Authorization

| Attribute Name | VPN 3000 / ASA / PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|
| Access-Hours | Y Y Y | String | Single | Name of the time-range (for example, Business-Hours) |
| Allow-Network-Extension-Mode | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Authenticated-User-Idle-Timeout | Y Y Y | Integer | Single | 1 - 35791394 minutes |
| Authorization-Required | Y | Integer | Single | 0 = No; 1 = Yes |
| Authorization-Type | Y | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP |
| Banner1 | Y Y Y | String | Single | Banner string for clientless and client SSL VPN, and IPsec clients. |
| Banner2 | Y Y Y | String | Single | Banner string for clientless and client SSL VPN, and IPsec clients. |
| Cisco-AV-Pair | Y Y Y | String | Multi | An octet string in the following format: [Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard Mask] [Established] [Log] [Operator] [Port]. For more information, see the “Cisco AV Pair Attribute Syntax” section on page C-13. |
| Cisco-IP-Phone-Bypass | Y Y Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| Cisco-LEAP-Bypass | Y Y Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| Client-Intercept-DHCP-Configure-Msg | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Client-Type-Version-Limiting | Y Y Y | String | Single | IPsec VPN client version number string |
| Confidence-Interval | Y Y Y | Integer | Single | 10 - 300 seconds |
| DHCP-Network-Scope | Y Y Y | String | Single | IP address |
| DN-Field | Y Y Y | String | Single | Possible values: UID, OU, O, CN, L, SP, C, EA, T, N, GN, SN, I, GENQ, DNQ, SER, and use-entire-name. |
| Firewall-ACL-In | Y Y | String | Single | Access list ID |
| Firewall-ACL-Out | Y Y | String | Single | Access list ID |