Support User Manuals

Cisco Systems ASA 5585-X Network Router User Manual

Open as PDF

of 2086

69-60

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter 69 General VPN Setup

Configuring AnyConnect VPN Connections

• Pre-fill Username from Certificate—Check to extract the names to be used for secondary

authentication from the primary and secondary fields specified in this panel. You must configure the

authentication method for both AAA and certificates before checking this attribute. To do so, return

to the Basic panel in the same window and check Both next to Method.

• Hide username from end user—Check to hide the username to be used for secondary authentication

from the VPN user.

• Fallback when a certificate is unavailable —This attribute is configurable only if “Hide username

from end user” is checked. Uses Cisco Secure Desktop Host Scan data to pre-fill the username for

secondary authentication if a certificate is unavailable.

• Password—Choose one of the following methods to retrieve the password to be used for secondary

authentication:

–

Prompt—Prompt the user for the password.

–

Use Primary—Reuse the primary authentication password for all secondary authentications.

–

Use—Enter a common secondary password for all secondary authentications.

• Specify the certificate fields to be used as the username—Specifies one or more fields to match as

the username. To use this username in the pre-fill username from certificate feature for the

secondary username/password authentication or authorization, you must also configure the

pre-fill-username and secondary-pre-fill-username.

–

Primary Field—Selects the first field to use from the certificate for the username. If this value

is found, the secondary field is ignored.

–

Secondary Field—Selects the field to us if the primary field is not found.

The options for primary and secondary field attributes include the following:

Attribute Definition

C Country: the two-letter country abbreviation. These codes conform to ISO

3166 country abbreviations.

CN Common Name: the name of a person, system, or other entity. Not available

a s a secondary attribute.

DNQ Domain Name Qualifier.

EA E-mail address.

GENQ Generational Qualifier.

GN Given Name.

I Initials.

L Locality: the city or town where the organization is located.

N Name.

O Organization: the name of the company, institution, agency, association or

other entity.

OU Organizational Unit: the subgroup within the organization (O).

SER Serial Number.

SN Surname.

SP State/Province: the state or province where the organization is located

T Title.

previous next