69-57
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Connections
Setting Client Addressing Attributes for an AnyConnect SSL VPN Connection
The Client Addressing attributes let you configure interface-specific address pools that your connection
can use. Click Add to add a new address pool or Edit to modify an existing pool. The Select Address
Pools dialog box opens, showing a table listing the pool name, starting and ending address (or number
of addresses), and subnet mask/prefix length of any existing pools. For a complete description of Client
Addressing see Configuring Client Addressing, page 69-92.
Configuring Authentication Attributes for a Connection Profile
• Interface-specific Authentication Server Groups—Manages the assignment of authentication server
groups to specific interfaces.
–
Add or Edit—Opens the Assign Authentication Server Group to Interface dialog box, in which
you can specify the interface and server group, and specify whether to allow fallback to the
LOCAL database if the selected server group fails. The Manage button on this dialog box opens
the Configure AAA Server Groups dialog box. Your selections appear in the Interface/Server
Group table.
–
Delete—Removes the selected server group from the table. There is no confirmation or undo.
• Username Mapping from Certificate—Lets you specify the methods and fields in a digital certificate
from which to extract the username.
–
Pre-fill Username from Certificate—Extracts the username from the specified certificate field
and uses it for username/password authentication and authorization, according to the options
that follow in this panel.
–
Hide username from end user—Specifies to not display the extracted username to the end user.
–
Use script to select username—Specify the name of a script to use to select a username from a
digital certificate. The default is --None--.
–
Add or Edit—Opens the Add or Edit Script Content dialog box, in which you can define a script
to use in mapping the username from the certificate.
–
Delete—Deletes the selected script. There is no confirmation or undo.
–
Use the entire DN as the username—Specifies that you want to use the entire Distinguished
Name field of the certificate as the username.
–
Specify the certificate fields to be used as the username—Specifies one or more fields to
combine into the username.
Possible values for primary and secondary attributes include the following:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——