C-29
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
Use-Client-Address Y 17 Boolean Single 0 = Disabled
1 = Enabled
PPTP-Encryption Y 20 Integer Single Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Required
15= 40/128-Encr/Stateless-Req
L2TP-Encryption Y 21 Integer Single Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Req
15= 40/128-Encr/Stateless-Req
Group-Policy Y Y 25 String Single Sets the group policy for the
remote access VPN session. For
versions 8.2 and later, use this
attribute instead of
IETF-Radius-Class. You can
use one of the three following
formats:
group policy name
OU=group policy name
OU=group policy name;
IPsec-Split-Tunnel-List YYY27StringSingleSpecifies the name of the
network/access list that
describes the split tunnel
inclusion list.
IPsec-Default-Domain YYY28StringSingleSpecifies the single default
domain name to send to the
client (1-255 characters).
IPsec-Split-DNS-Names YYY29StringSingleSpecifies the list of secondary
domain names to send to the
client (1-255 characters).
IPsec-Tunnel-Type YYY30IntegerSingle1 = LAN-to-LAN
2 = Remote access
IPsec-Mode-Config YYY31BooleanSingle0 = Disabled
1 = Enabled
IPsec-User-Group-Lock Y 33 Boolean Single 0 = Disabled
1 = Enabled
TableC-7 ASA Supported RADIUS Attributes and Values (continued)
Attribute Name
VPN
3000 ASA PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued Description or Value