Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Add/Edit Connection Profile > General > Authentication
This dialog box is available for IPsec on Remote Access and Site-to-Site tunnel groups. The settings on
this dialog box apply to the tunnel group globally across the ASA. To set authentication server group
settings per interface, click Advanced. This dialog box lets you configure the following attributes:
• Authentication Server Group—Lists the available authentication server groups, including the
LOCAL group (the default). You can also select None. Selecting something other than None or
LOCAL makes available the Use LOCAL if Server Group Fails check box. To set the authentication
server group per interface, click Advanced.
• Use LOCAL if Server Group fails—Enables or disables fallback to the LOCAL database if the group
specified by the Authentication Server Group attribute fails.
Modes
The following table shows the modes in which this feature is available:
Add/Edit SSL VPN Connection > General > Authorization
The settings on this dialog box apply to the connection (tunnel group) globally across the ASA. This
dialog box lets you configure the following attributes:
• Authorization Server Group—Lists the available authorization server groups, including the LOCAL
group. You can also select None (the default). Selecting something other than None makes available
the check box for Users must exist in authorization database to connect.
• Users must exist in the authorization database to connect—Tells the ASA to allow only users in the
authorization database to connect. By default this feature is disabled. You must have a configured
authorization server to use this feature.
• Interface-Specific Authorization Server Groups—(Optional) Lets you configure authorization
server groups on a per-interface basis. Interface-specific authorization server groups take
precedence over the global server group. If you do not explicitly configure interface-specific
authorization, authorization takes place only at the group level.
– Interface—Select the interface on which to perform authorization. The standard interfaces are
outside (the default), inside, and DMZ. If you have configured other interfaces, they also appear
in the list.
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple (Context)    Multiple (System)
•         —              •         —                     —
Firewall Mode            Security Context
Routed    Transparent    Single    Multiple (Context)    Multiple (System)
•         —              •         —                     —
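The Authentication and Authorization settings described above can be reviewed offline from a saved running configuration. The following is an added example, not part of the Cisco guide: it assumes the ASA CLI counterparts of these dialog settings (authentication-server-group, authorization-server-group, authorization-required under tunnel-group general-attributes), assumes that a profile with no authentication line uses the default LOCAL group, and runs on a constructed sample configuration.

```python
import re

# Constructed sample of tunnel-group configuration (not taken from the guide).
SAMPLE_CONFIG = """\
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group RADIUS-GRP LOCAL
 authentication-server-group (inside) LDAP-GRP
 authorization-server-group LDAP-GRP
tunnel-group PARTNER type remote-access
tunnel-group PARTNER general-attributes
 authentication-server-group RADIUS-GRP
 authorization-server-group LDAP-GRP
 authorization-required
tunnel-group LEGACY type remote-access
tunnel-group LEGACY general-attributes
 authorization-server-group LDAP-GRP
"""

# authentication-server-group [(interface)] server_group [LOCAL]
AUTHN = re.compile(r"authentication-server-group\s+(?:\((\S+?)\)\s+)?(\S+)(?:\s+(LOCAL))?$")

def parse_general_attributes(config_text):
    """Map each tunnel group to the lines of its general-attributes block."""
    groups, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"tunnel-group (\S+) general-attributes\s*$", line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return groups

def audit_tunnel_groups(config_text):
    """Return {tunnel_group: [review notes]} for the settings on this page."""
    report = {}
    for name, lines in parse_general_attributes(config_text).items():
        notes = []
        authn = [m for m in map(AUTHN.match, lines) if m]
        if not authn:  # assumption: defaults are omitted from the saved config
            notes.append("authentication: no server group set, default LOCAL group applies")
        for iface, group, fallback in (m.groups() for m in authn):
            if fallback:
                notes.append(f"authentication ({iface or 'global'}): falls back to LOCAL if {group} fails")
        has_authz = any(l.startswith("authorization-server-group ") for l in lines)
        if has_authz and "authorization-required" not in lines:
            notes.append("authorization: users need not exist in the authorization database")
        report[name] = notes
    return report
```

Calling audit_tunnel_groups(SAMPLE_CONFIG) returns two notes each for RA-VPN and LEGACY and none for PARTNER; profiles that fall back to LOCAL are the ones whose local accounts should be reviewed.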