Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
69-63
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Connections
Filter by substring— Specify the Starting Index (the position in the string of the first character to
match) and Ending Index (number of characters to search). If you choose this option, the starting
index cannot be blank. If you leave the ending index blank, it defaults to -1, indicating that the entire
string is searched for a match.
For example, suppose you selected the DN attribute Common Name (CN), which contains a value
of host/user. Table 69-1 shows some possible ways you might filter this value using the substring
option to achieve various return values. The Return Value is what is actually pre-filled as the
username.
Using a negative index, as in the third row of this table, specifies to count from the end of the string
backwards to the end of the substring, in this case, the “r” of “user”.
When using filtering by substrings, you should know the length of the substring that you are seeking.
From the following examples, use either the regular expression matching or the custom script in Lua
format:
Example 1: Regular Expression Matching—Enter a regular expression to apply to the search in the
Regular Expression field. Standard regular expression operators apply. For example, suppose you
want to use a regular expression to filter everything up to the @ symbol of the "Email Address (EA)"
DN value. The regular expression ^[^@]* would be one way to do this. In this example, if the DN
value contained a value of user1234@example.com, the return value after the regular expression
would be user1234.
Example 2: Use custom script in Lua format—Specify a custom script written in the Lua
programming language to parse the search fields. Selecting this option makes available a field in
which you can enter your custom Lua script; for example, the script:
return cert.subject.cn..'/'..cert.subject.l
combines two DN fields, username (cn) and locality (l), to use as a single username and inserts the
slash (/) character between the two fields.
Table 69-5 lists the attribute names and descriptions that you can use in a Lua script.
Note Lua is case-sensitive.
Table 69-4 Filtering by Substring
Starting Index Ending Index Return Value
15 host/
610 user
6-1 user
Table 69-5 Attribute Names and Descriptions
Attribute Name Description
cert.subject.c Country
cert.subject.cn Common Name
cert.subject.dnq DN qualifier
cert.subject.ea E-mail Address
cert.subject.genq Generational qualified