C-28
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
are sent from the ASA to the RADIUS server for authentication and authorization requests. All four
previously listed attributes are sent from the ASA to the RADIUS server for accounting start,
interim-update, and stop requests. Upstream RADIUS attributes 146, 150, 151, and 152 were introduced
in ASA Version 8.4.3.
TableC-7 ASA Supported RADIUS Attributes and Values
Attribute Name
VPN
3000 ASA PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued Description or Value
Access-Hours YYY1StringSingleName of the time range, for
example, Business-hours
Simultaneous-Logins YYY2IntegerSingle0 - 2147483647
Primary-DNS YYY5StringSingleAn IP address
Secondary-DNS YYY6StringSingleAn IP address
Primary-WINS YYY7StringSingleAn IP address
Secondary-WINS YYY8StringSingleAn IP address
SEP-Card-Assignment 9 Integer Single Not used
Tunneling-Protocols YYY11IntegerSingle1 = PPTP
2 = L2TP
4 = IPSec (IKEv1)
8 = L2TP/IPSec
16 = WebVPN
32 = SVC
64 = IPsec (IKEv2)
8 and 4 are mutually exclusive
(0 - 11, 16 - 27, 32 - 43, 48 - 59
are legal values).
IPsec-Sec-Association Y 12 String Single Name of the security
association
IPsec-Authentication Y 13 Integer Single 0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos/Active Directory
Banner1 YYY15StringSingleBanner string to display for
Cisco VPN remote access
sessions: IPsec IKEv1,
AnyConnect
SSL-TLS/DTLS/IKEv2, and
Clientless SSL
IPsec-Allow-Passwd-Store YYY16BooleanSingle0 = Disabled
1 = Enabled