Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
For software Version 7.0, LDAP attributes include the cVPN3000 prefix. For Version 7.1 and later, this
prefix was removed.
Supported Cisco Attributes for LDAP Authorization
This section provides a complete list of attributes (Table C-2) for the ASA 5500, VPN 3000, and PIX
500 series security appliances. The table includes attribute support information for the VPN 3000 and
PIX 500 series to assist you in configuring networks with a mixture of these security appliances.
Table C-2 Security Appliance Supported Cisco Attributes for LDAP Authorization
| Attribute Name | VPN 3000 | ASA | PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|---|---|
| Access-Hours | Y | Y | Y | String | Single | Name of the time-range (for example, Business-Hours) |
| Allow-Network-Extension-Mode | Y | Y | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Authenticated-User-Idle-Timeout | Y | Y | Y | Integer | Single | 1 - 35791394 minutes |
| Authorization-Required | Y | | | Integer | Single | 0 = No; 1 = Yes |
| Authorization-Type | Y | | | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP |
| Auth-Service-Type | | | | | | |
| Banner1 | Y | Y | Y | String | Single | Banner string |
| Banner2 | Y | Y | Y | String | Single | Banner string |
| Cisco-AV-Pair | Y | Y | Y | String | Multi | An octet string in the following format: [Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard Mask] [Established] [Log] [Operator] [Port]. For more information, see “Cisco-AV-Pair Attribute Syntax.” |
| Cisco-IP-Phone-Bypass | Y | Y | Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| Cisco-LEAP-Bypass | Y | Y | Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| Client-Intercept-DHCP-Configure-Msg | Y | Y | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Client-Type-Version-Limiting | Y | Y | Y | String | Single | IPSec VPN client version number string |
| Confidence-Interval | Y | Y | Y | Integer | Single | 10 - 300 seconds |