Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 73 E-Mail Proxy
AAA
Authentication Server Group—Select the authentication server group for SMTPS user authentication. The default is to have no authentication servers configured. If you have set AAA as the authentication method for SMTPS (Configuration > Features AAA > VPN > E-Mail Proxy > Authentication panel), you must configure an AAA server and select it here, or authentication always fails.
Authorization Server Group—Select the authorization server group for SMTPS user authorization. The default is to have no authorization servers configured.
Accounting Server Group—Select the accounting server group for SMTPS user accounting. The default is to have no accounting servers configured.
Default Group Policy—Select the group policy to apply to SMTPS users when AAA does not return a CLASSID attribute. If you do not specify a default group policy, and there is no CLASSID, the ASA cannot establish the session.
Authorization Settings—Lets you set values for usernames that the ASA recognizes for SMTPS authorization. This applies to SMTPS users that authenticate with digital certificates and require LDAP or RADIUS authorization.
Use the entire DN as the username—Select to use the fully qualified domain name for SMTPS authorization.
Specify individual DN fields as the username—Select to specify specific DN fields for user authorization.
You can choose two DN fields, primary and secondary. For example, if you choose EA, users authenticate according to their e-mail address. Then a user with the Common Name (CN) John Doe and an e-mail address of johndoe@cisco.com cannot authenticate as John Doe or as johndoe. He must authenticate as johndoe@cisco.com. If you choose EA and O, John Doe must authenticate as johndoe@cisco.com and Cisco Systems, Inc.
Primary DN Field—Select the primary DN field you want to configure for SMTPS authorization. The default is CN. Options include the following:

DN Field                       Definition
Country (C)                    The two-letter country abbreviation. These codes conform to ISO 3166 country abbreviations.
Common Name (CN)               The name of a person, system, or other entity. This is the lowest (most specific) level in the identification hierarchy.
DN Qualifier (DNQ)             A specific DN attribute.
E-mail Address (EA)            The e-mail address of the person, system or entity that owns the certificate.
Generational Qualifier (GENQ)  A generational qualifier such as Jr., Sr., or III.
Given Name (GN)                The first name of the certificate owner.
Initials (I)                   The first letters of each part of the certificate owner’s name.
Locality (L)                   The city or town where the organization is located.
Name (N)                       The name of the certificate owner.
Organization (O)               The name of the company, institution, agency, association, or other entity.
Organizational Unit (OU)       The subgroup within the organization.
Serial Number (SER)            The serial number of the certificate.
Surname (SN)                   The family name or last name of the certificate owner.
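
The DN field selection described above, modeled as an added example (not code from Cisco or the ASA): it parses a certificate subject and returns the values that the chosen primary and secondary DN fields yield. The attribute-name mapping, the `parse_dn` and `authz_username` helpers and the sample subject are assumptions of this sketch; the page does not say how the ASA combines the two values, so they are returned as a pair.

```python
# Added sketch, not ASA code. ASA abbreviation (from the table above) ->
# attribute names as commonly written in a subject string (an assumption).
ASA_FIELDS = {
    "C": {"c"}, "CN": {"cn"}, "DNQ": {"dnqualifier"},
    "EA": {"emailaddress", "e"}, "GENQ": {"generationqualifier"},
    "GN": {"gn", "givenname"}, "I": {"initials"}, "L": {"l"},
    "N": {"name"}, "O": {"o"}, "OU": {"ou"},
    "SER": {"serialnumber"}, "SN": {"sn", "surname"},
}


def parse_dn(dn):
    """Split 'K=V,K=V' into (key, value) pairs, honouring backslash escapes.
    Quoted values, hex escapes and multi-valued RDNs ('+') are out of scope."""
    pairs, buf, i = [], [], 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","   # sentinel flushes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])            # keep the escaped character
            i += 2
            continue
        if ch == ",":
            rdn = "".join(buf).strip()
            if rdn:
                key, sep, value = rdn.partition("=")
                if not sep:
                    raise ValueError(f"malformed RDN: {rdn!r}")
                pairs.append((key.strip().lower(), value.strip()))
            buf = []
        else:
            buf.append(ch)
        i += 1
    return pairs


def authz_username(subject_dn, primary="CN", secondary=None):
    """Return (primary value, secondary value); None where a field is absent."""
    pairs = parse_dn(subject_dn)

    def pick(field):
        names = ASA_FIELDS[field.upper()]    # KeyError: not a listed DN field
        return next((v for k, v in pairs if k in names), None)

    return pick(primary), (pick(secondary) if secondary else None)


# Constructed subject matching the John Doe example in the text.
SUBJECT = r"CN=John Doe,emailAddress=johndoe@cisco.com,O=Cisco Systems\, Inc.,C=US"
```

A `None` in the result means the certificate carries no such field, which is worth checking across issued certificates before changing the selection.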