Contents
lxiii
Cisco ASA 5500 Series Configuration Guide using the CLI
Anycast Address B-9
Required Addresses B-10
IPv6 Address Prefixes B-10
Protocols and Applications B-11
TCP and UDP Ports B-11
Local Ports and Protocols B-14
ICMP Types B-15
APPENDIX
CConfiguring an External Server for Authorization and Authentication C-1
Understanding Policy Enforcement of Permissions and Attributes C-1
Configuring an External LDAP Server C-2
Organizing the ASA for LDAP Operations C-3
Searching the LDAP Hierarchy C-3
Binding the ASA to the LDAP Server C-4
Defining the ASA LDAP Configuration C-5
Supported Cisco Attributes for LDAP Authorization C-5
Cisco AV Pair Attribute Syntax C-13
Cisco AV Pairs ACL Examples C-14
Active Directory/LDAP VPN Remote Access Authorization Examples C-16
User-Based Attributes Policy Enforcement C-16
Placing LDAP Users in a Specific Group Policy C-18
Enforcing Static IP Address Assignment for AnyConnect Tunnels C-20
Enforcing Dial-in Allow or Deny Access C-22
Enforcing Logon Hours and Time-of-Day Rules C-25
Configuring an External RADIUS Server C-27
Reviewing the RADIUS Configuration Procedure C-27
ASA RADIUS Authorization Attributes C-27
ASA IETF RADIUS Authorization Attributes C-36
RADIUS Accounting Disconnect Reason Codes C-37
Configuring an External TACACS+ Server C-38
G
LOSSARY
I
NDEX