Cisco Systems OL-16647-01 Network Router User Manual


C-8
Cisco ASDM User Guide
OL-16647-01
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Table C-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)

| Attribute Name | VPN 3000 / ASA / PIX | Syntax/Type | Single or Multi-Valued | Possible Values |
|---|---|---|---|---|
| IPSec-Backup-Servers | Y Y Y | String | Single | 1 = Use Client-Configured list; 2 = Disabled and clear client list; 3 = Use Backup Server list |
| IPSec-Client-Firewall-Filter-Name | Y | String | Single | Specifies the name of the filter to be pushed to the client as firewall policy. |
| IPSec-Client-Firewall-Filter-Optional | Y Y Y | Integer | Single | 0 = Required; 1 = Optional |
| IPSec-Default-Domain | Y Y Y | String | Single | Specifies the single default domain name to send to the client (1 - 255 characters). |
| IPSec-IKE-Peer-ID-Check | Y Y Y | Integer | Single | 1 = Required; 2 = If supported by peer certificate; 3 = Do not check |
| IPSec-IP-Compression | Y Y Y | Integer | Single | 0 = Disabled; 1 = Enabled |
| IPSec-Mode-Config | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPSec-Over-UDP | Y Y Y | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPSec-Over-UDP-Port | Y Y Y | Integer | Single | 4001 - 49151; default = 10000 |
| IPSec-Required-Client-Firewall-Capability | Y Y Y | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server |
| IPSec-Sec-Association | Y | String | Single | Name of the security association |
| IPSec-Split-DNS-Names | Y Y Y | String | Single | Specifies the list of secondary domain names to send to the client (1 - 255 characters). |
| IPSec-Split-Tunneling-Policy | Y Y Y | Integer | Single | 0 = Tunnel everything; 1 = Split tunneling; 2 = Local LAN permitted |
| IPSec-Split-Tunnel-List | Y Y Y | String | Single | Specifies the name of the network or access list that describes the split tunnel inclusion list. |
| IPSec-Tunnel-Type | Y Y Y | Integer | Single | 1 = LAN-to-LAN; 2 = Remote access |
| IPSec-User-Group-Lock | Y | Boolean | Single | 0 = Disabled; 1 = Enabled |