74-32
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Connection Profile Attributes for Clientless SSL VPN
For example, to assign a clientless SSL VPN user to the SSL_VPN group, set the RADIUS Class
Attribute to a value of OU=SSL_VPN; (Do not omit the semicolon.)

Using an LDAP Server

Using an LDAP server to authenticate users, assign users to group policies by following these steps:
Step1 Authenticate the user with LDAP and use the Group Policy attribute to assign that user to a particular
group policy.
Step2 Set the Group Policy attribute to the group policy name in one of these formats:
<group policy name>
OU=<group policy name>
OU=<group policy name>;
For example, to assign a clientless SSL VPN user to the SSL_VPN group, set the LDAP Group Policy
Attribute to a value of SSL_VPN, OU=SSL_VPN, or OU=SSL_VPN;.
Configuring Connection Profile Attributes for Clientless SSL VPN
Table74-2 provides a list of connection profile attributes that are specific to clientless SSL VPN. In
addition to these attributes, you configure general connection profile attributes common to all VPN
connections. For step-by-step information on configuring connection profiles, see Chapter67,
“Configuring Connection Profiles, Group Policies, and Users.”
Note In earlier releases, “connection profiles” were known as “tunnel groups.” You configure a connection
profile with tunnel-group commands. This chapter often uses these terms interchangeably.
Table74-2 Connection Profile Attributes for Clientless SSL VPN
Command Function
authentication Sets the authentication method.
customization Identifies the name of a previously defined customization to apply.
nbns-server Identifies the name of the NetBIOS Name Service server (nbns-server) to use
for CIFS name resolution.
group-alias Specifies the alternate names by which the server can refer to a connection
profile.
group-url Identifies one or more group URLs. If you configure this attribute, users
coming in on a specified URL need not select a group at login.