C-36
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixC Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
ASA IETF RADIUS Authorization Attributes
Table C -8 lists the supported IETF RADIUS attributes.
IPv6-VPN-Filter Y 219 String Single ACL value
Privilege-Level Y Y 220 Integer Single An integer between 0 and 15.
WebVPN-Macro-Value1 Y 223 String Single Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:
http://supportwiki.cisco.com/Vi
ewWiki/index.php/Cisco_ASA
_5500_SSL_VPN_Deployment
_Guide%2C_Version_8.x
WebVPN-Macro-Value2 Y 224 String Single Unbounded. For examples, see
the SSL VPN Deployment Guide
at the following URL:
http://supportwiki.cisco.com/Vi
ewWiki/index.php/Cisco_ASA
_5500_SSL_VPN_Deployment
_Guide%2C_Version_8.x
TableC-7 ASA Supported RADIUS Attributes and Values (continued)
Attribute Name
VPN
3000 ASA PIX
Attr.
No.
Syntax/
Type
Single
or
Multi-
Valued Description or Value
TableC-8 ASA Supported IETF RADIUS Attributes and Values
Attribute Name
VPN
3000 ASA PIX
Attr.
No.
Syntax/
Type
Single or
Multi-
Valued Description or Value
IETF-Radius-Class Y Y Y 25 Single For Versions 8.2.x and later, we
recommend that you use the
Group-Policy attribute (VSA 3076,
#25) as described in Table C -7:
group policy name
OU=group policy name
OU=group policy name
IETF-Radius-Filter-Id Y Y Y 11 String Single Access list name that is defined on the
ASA, which applies only to full
tunnel IPsec and SSL VPN clients
IETF-Radius-Framed-IP-Address Y Y Y n/a String Single An IP address
IETF-Radius-Framed-IP-Netmask Y Y Y n/a String Single An IP address mask
IETF-Radius-Idle-Timeout Y Y Y 28 Integer Single Seconds