C-8
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
IETF-Radius-Service-Type Y Y Y Integer Single 1 = Login
2 = Framed
5 = Remote access
6 = Administrative
7 = NAS prompt
IETF-Radius-Session-Timeout Y Y Y Integer Single Seconds
IKE-Keep-Alives Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPsec-Allow-Passwd-Store Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPsec-Authentication Y Y Y Integer Single 0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI (RSA)
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos or Active Directory
IPsec-Auth-On-Rekey Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPsec-Backup-Server-List Y Y Y String Single Server addresses (space delimited)
IPsec-Backup-Servers Y Y Y String Single 1 = Use client-configured list
2 = Disabled and clear client list
3 = Use backup server list
IPsec-Client-Firewall-Filter- Name Y String Single Specifies the name of the filter to be
pushed to the client as firewall
policy.
IPsec-Client-Firewall-Filter-
Optional
Y Y Y Integer Single 0 = Required
1 = Optional
IPsec-Default-Domain Y Y Y String Single Specifies the single default domain
name to send to the client (1 - 255
characters).
IPsec-Extended-Auth-On-Rekey Y Y String Single String
IPsec-IKE-Peer-ID-Check Y Y Y Integer Single 1 = Required
2 = If supported by peer certificate
3 = Do not check
IPsec-IP-Compression Y Y Y Integer Single 0 = Disabled
1 = Enabled
IPsec-Mode-Config Y Y Y Boolean Single 0 = Disabled
1 = Enabled
IPsec-Over-UDP Y Y Y Boolean Single 0 = Disabled
1 = Enabled
TableC-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name VPN 3000 ASA PIX
Syntax/
Type
Single or
Multi-Valued Possible Values