C-7
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Group-Policy Y Y String Single Sets the group policy for the remote
access VPN session. For version 8.2
and later, use this attribute instead of
IETF-Radius-Class. You can use
one of the three following formats:
group policy name
OU=group policy name
OU=group policy name:
IE-P rox y-B ypa ss-L oca l Bool ean Sing le 0 =Di sab led
1=Enabled
IE-Proxy-Exception-List String Single A list of DNS domains. Entries must
be separated by the new line
character sequence (\n).
IE-Proxy-Method Y Y Y Integer Single 1 = Do not modify proxy settings
2 = Do not use proxy
3 = Auto detect
4 = Use ASA setting
IE-Proxy-Server Y Y Y Integer Single IP address
IETF-Radius-Class Y Y Y Single Sets the group policy for the remote
access VPN session. For versions
8.2 and later, we recommend that
you use the Group-Policy attribute.
You can use one of the three
following formats:
group policy name
OU=group policy name
OU=group policy name:
IETF-Radius-Filter-Id Y Y Y String Single Access list name that is defined on
the ASA. The setting applies to
VPN remote access IPsec and SSL
VPN clients.
IETF-Radius-Framed-IP-Address Y Y Y String Single An IP address. The setting applies to
VPN remote access IPsec and SSL
VPN clients.
IETF-Radius-Framed-IP-Netmask Y Y Y String Single An IP address mask. The setting
applies to VPN remote access IPsec
and SSL VPN clients.
IETF-Radius-Idle-Timeout Y Y Y Integer Single Seconds
TableC-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values