Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 35 Configuring AAA Servers and the Local Database
Uses the username value of the certificate primary DN field as a credential
Note: If the primary DN field is not present in the certificate, the ASA uses the secondary DN field value as
the username for the authorization request.
For example, consider a user certificate that includes the following Subject DN fields and values:
Cn=anyuser,OU=sales;O=XYZCorporation;L=boston;S=mass;C=us;ea=anyuser@example.com
If the Primary DN = EA (E-mail Address) and the Secondary DN = CN (Common Name), then the
username used in the authorization request would be anyuser@example.com.
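The primary/secondary DN selection described above, modeled as an added Python example (not ASA code and not from the Cisco guide). The function names, the splitting on "," and ";", and the first-value-wins rule for repeated attributes are assumptions made for illustration.

```python
import re

# Sample Subject DN copied from the text above (mixed "," and ";" separators).
SAMPLE_DN = "Cn=anyuser,OU=sales;O=XYZCorporation;L=boston;S=mass;C=us;ea=anyuser@example.com"


def parse_dn(dn):
    """Split a flat DN string into {UPPERCASE_ATTR: [values]}.

    Assumption: fields are separated by ',' or ';' and values contain no
    escaped separators, which holds for the sample but not for every DN.
    """
    fields = {}
    for part in re.split(r"[,;]", dn):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        name, value = name.strip().upper(), value.strip()
        if value:
            fields.setdefault(name, []).append(value)
    return fields


def select_username(dn, primary, secondary=None):
    """Return (username, source_field) using primary-then-secondary fallback.

    Returns (None, None) when neither field is present, so the caller can
    refuse to send an authorization request instead of guessing.
    """
    fields = parse_dn(dn)
    for attr in (primary, secondary):
        if attr and fields.get(attr.upper()):
            # First value wins if the attribute is repeated (assumption).
            return fields[attr.upper()][0], attr.upper()
    return None, None


if __name__ == "__main__":
    print(select_username(SAMPLE_DN, "EA", "CN"))
    no_email = SAMPLE_DN.rsplit(";", 1)[0]  # constructed: same DN without ea=
    print(select_username(no_email, "EA", "CN"))
    print(select_username("OU=sales;O=XYZCorporation", "EA", "CN"))
```

The second call shows the point to check when writing authorization rules: a certificate without an e-mail address is authorized under its CN value, so the directory lookup must be prepared for either form of username.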
Licensing Requirements for AAA Servers
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines
The username command has two versions: one for 8.4(3) and earlier and one for 8.4(4.1) and later. See
the command reference for more information.
Configuring AAA
This section includes the following topics:
Configuring AAA Server Groups, page 35-11
Configuring Authorization with LDAP for VPN, page 35-16
Configuring LDAP Attribute Maps, page 35-18
Adding a User Account to the Local Database, page 35-20
Model         License Requirement
All models    Base License.