C-31
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
Required-Client-Firewall-Product-Code YYY46IntegerSingleCisco Systems Products:
1 = Cisco Intrusion Prevention
Security Agent or Cisco
Integrated Client (CIC)
Zone Labs Products:
1 = Zone Alarm
2 = Zone AlarmPro
3 = Zone Labs Integrity
NetworkICE Product:
1 = BlackIce Defender/Agent
Sygate Products:
1 = Personal Firewall
2 = Personal Firewall Pro
3 = Security Agent
Required-Client-Firewall-Description YYY47String SingleString
Require-HW-Client-Auth YYY48BooleanSingle0 = Disabled
1 = Enabled
Required-Individual-User-Auth YYY49IntegerSingle0 = Disabled
1 = Enabled
Authenticated-User-Idle-Timeout YYY50IntegerSingle1-35791394 minutes
Cisco-IP-Phone-Bypass YYY51IntegerSingle0 = Disabled
1 = Enabled
IPsec-Split-Tunneling-Policy YYY55IntegerSingle0 = No split tunneling
1 = Split tunneling
2 = Local LAN permitted
IPsec-Required-Client-Firewall-CapabilityYYY56IntegerSingle0 = None
1 = Policy defined by remote
FW Are-You-There (AYT)
2 = Policy pushed CPP
4 = Policy from server
IPsec-Client-Firewall-Filter-Name Y 57 String Single Specifies the name of the filter
to be pushed to the client as
firewall policy
IPsec-Client-Firewall-Filter-Optional YYY58IntegerSingle0 = Required
1 = Optional
IPsec-Backup-Servers YYY59StringSingle1 = Use Client-Configured list
2 = Disable and clear client list
3 = Use Backup Server list
IPsec-Backup-Server-List YYY60StringSingleServer Addresses (space
delimited)
TableC-7 ASA Supported RADIUS Attributes and Values (continued)
Attribute Name
VPN
3000 ASA PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued Description or Value