Filter
Top Products
C-12
Cisco ASDM User Guide
OL-16647-01
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Cisco-AV-Pair Attribute Syntax
The syntax of each Cisco-AV-Pair rule is as follows:
[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard
Mask] [Established] [Log] [Operator] [Port]
Table C-3 describes the syntax rules.
WebVPN-SVC-Client-DPD Y Y Integer Single 0 = Disabled
n = Dead Peer Detection value in
seconds (30 - 3600)
WebVPN-SVC-Compression Y Y Integer Single 0 = None
1 = Deflate Compression
WebVPN-SVC-Enable Y Y Integer Single 0 = Disabled
1 = Enabled
WebVPN-SVC-Gateway-DPD Y Y Integer Single 0 = Disabled
n = Dead Peer Detection value in
seconds (30 - 3600)
WebVPN-SVC-Keepalive Y Y Integer Single 0 = Disabled
n = Keepalive value in seconds (15 -
600)
WebVPN-SVC-Keep-Enable Y Y Integer Single 0 = Disabled
1 = Enabled
WebVPN-SVC-Rekey-Method Y Y Integer Single 0 = None
1 = SSL
2 = New tunnel
3 = Any (sets to SSL)
WebVPN-SVC-Rekey-Period Y Y Integer Single 0 = Disabled
n = Retry period in minutes
(4 - 10080)
WebVPN-SVC-Required-Enable Y Y Integer Single 0 = Disabled
1 = Enabled
WebVPN-URL-Entry-Enable Y Y Integer Single 0 = Disabled
1 = Enabled
WebVPN-URL-List Y String Single URL-list name
Table C-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/ VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values
Table C-3 AV-Pair Attribute Syntax Rules
Field Description
Prefix A unique identifier for the AV pair. For example:
ip:inacl#1= (for standard
access lists) or
webvpn:inacl# (for clientless SSL VPN access lists). This
field only appears when the filter has been sent as an AV pair.
Action Action to perform if rule matches: deny, permit.