Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

39-6

Cisco ASDM User Guide

OL-16647-01

Chapter 39 E-Mail Proxy

AAA

Modes

The following table shows the modes in which this feature is available:

SMTPS Tab

The SMTPS AAA panel associates AAA server groups and configures the default group policy for

SMTPS sessions.

Fields

• AAA server groups—Click to go to the AAA Server Groups panel (Configuration > Features >

Properties > AAA Setup > AAA Server Groups), where you can add or edit AAA server groups.

• group policy—Click to go to the Group Policy panel (Configuration > Features > VPN > General

> Group Policy), where you can add or edit group policies.

• Authentication Server Group—Select the authentication server group for SMTPS user

authentication. The default is to have no authentication servers configured. If you have set AAA as

the authentication method for SMTPS (Configuration > Features AAA > VPN > E-Mail Proxy >

Authentication panel), you must configure an AAA server and select it here, or authentication

always fails.

• Authorization Server Group—Select the authorization server group for SMTPS user authorization.

The default is to have no authorization servers configured.

• Accounting Server Group—Select the accounting server group for SMTPS user accounting. The

default is to have no accounting servers configured.

• Default Group Policy—Select the group policy to apply to SMTPS users when AAA does not return

a CLASSID attribute. If you do not specify a default group policy, and there is no CLASSID, the

security appliance can not establish the session.

• Authorization Settings—Lets you set values for usernames that the security appliance recognizes for

SMTPS authorization. This applies to SMTPS users that authenticate with digital certificates and

require LDAP or RADIUS authorization.

–

User the entire DN as the username—Select to use the fully qualified domain name for SMTPS

authorization.

–

Specify individual DN fields as the username—Select to specify specific DN fields for user

authorization.

You can choose two DN fields, primary and secondary. For example, if you choose EA, users

authenticate according to their e-mail address. Then a user with the Common Name (CN) John

Doe and an e-mail address of johndoe@cisco.com cannot authenticate as John Doe or as

johndoe. He must authenticate as johndoe@cisco.com. If you choose EA and O, John Does must

authenticate as johndoe@cisco.com and Cisco. Systems, Inc.

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• — • ——

previous next