Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 73 E-Mail Proxy
AAA
Secondary DN Field—(Optional) Select the secondary DN field you want to configure for
POP3S authorization. The default is OU. Options include all of those in the preceding table,
with the addition of None, which you select if you do not want to include a secondary field.
IMAP4S Tab
Configuration > Features > VPN > E-mail Proxy > AAA > IMAP4S Tab
The IMAP4S AAA panel associates AAA server groups and configures the default group policy for
IMAP4S sessions.
Fields
AAA server groups—Click to go to the AAA Server Groups panel (Configuration > Features >
Properties > AAA Setup > AAA Server Groups), where you can add or edit AAA server groups.
group policy—Click to go to the Group Policy panel (Configuration > Features > VPN > General
> Group Policy), where you can add or edit group policies.
Authentication Server Group—Select the authentication server group for IMAP4S user
authentication. The default is to have no authentication servers configured. If you have set AAA as
the authentication method for IMAP4S (Configuration > Features > VPN > E-Mail Proxy
> Authentication panel), you must configure an AAA server and select it here, or authentication
always fails.
Authorization Server Group—Select the authorization server group for IMAP4S user authorization.
The default is to have no authorization servers configured.
Accounting Server Group—Select the accounting server group for IMAP4S user accounting. The
default is to have no accounting servers configured.
Default Group Policy—Select the group policy to apply to IMAP4S users when AAA does not return
a CLASSID attribute. If you do not specify a default group policy, and there is no CLASSID, the
ASA cannot establish the session.
Authorization Settings—Lets you set values for usernames that the ASA recognizes for IMAP4S
authorization. This applies to IMAP4S users that authenticate with digital certificates and require
LDAP or RADIUS authorization.
Use the entire DN as the username—Select to use the fully qualified domain name for IMAP4S
authorization.
Specify individual DN fields as the username—Select to specify specific DN fields for user
authorization.
You can choose two DN fields, primary and secondary. For example, if you choose EA, users
authenticate according to their e-mail address. Then a user with the Common Name (CN) John
Doe and an e-mail address of johndoe@cisco.com cannot authenticate as John Doe or as
johndoe. He must authenticate as johndoe@cisco.com. If you choose EA and O, John Doe must
authenticate as johndoe@cisco.com and Cisco Systems, Inc.
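The following Python sketch is an added example, not code from the Cisco guide or the ASA. It shows which values a certificate subject yields for a given primary and secondary DN field selection, using the John Doe case above. The subject string, the mapping from the guide's field abbreviations to attribute type names, and the choice to treat a missing field as an error are assumptions; the sketch does not model how the ASA formats the authorization query.

```python
# Added illustration (not Cisco code): which values does a certificate subject
# yield for a given primary/secondary DN field selection?

# Constructed sample subject in RFC 4514 string form; the comma in O is escaped.
SAMPLE_SUBJECT = (r"CN=John Doe,OU=Engineering,"
                  r"O=Cisco Systems\, Inc.,emailAddress=johndoe@cisco.com")

# Assumed mapping from the guide's field abbreviations to the attribute type
# names commonly seen in subject strings.
FIELD_ALIASES = {
    "CN": {"CN"}, "OU": {"OU"}, "O": {"O"},
    "EA": {"EMAILADDRESS", "E"},
    "S/P": {"ST", "S"}, "T": {"T", "TITLE"}, "UID": {"UID"},
}

def parse_dn(dn):
    """Split a DN string into (TYPE, value) pairs, honouring backslash escapes.
    Hex escapes and multi-valued RDNs ('+') are out of scope for this sketch."""
    pairs, buf, escaped = [], [], False
    for ch in dn + ",":            # trailing comma flushes the last RDN
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            attr, _, value = "".join(buf).partition("=")
            if attr.strip():
                pairs.append((attr.strip().upper(), value.strip()))
            buf = []
        else:
            buf.append(ch)
    return pairs

def authorization_names(dn, primary=None, secondary=None):
    """Return the value(s) the user must present for authorization.
    primary=None models 'Use the entire DN as the username'."""
    if primary is None:
        return (dn,)
    pairs = parse_dn(dn)
    names = []
    for field in (primary, secondary):
        if field in (None, "None"):          # 'None' = no secondary field
            continue
        value = next((v for a, v in pairs if a in FIELD_ALIASES[field]), None)
        if value is None:                    # assumption: surface the gap as an error
            raise LookupError(f"subject has no {field} field")
        names.append(value)
    return tuple(names)
```

Running it over the subjects of the certificates you plan to issue shows, before deployment, which users lack a selected field and which values contain separators such as the comma in the organization name.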
DN Field | Definition
State/Province (S/P) | The state or province where the organization is located.
Title (T) | The title of the certificate owner, such as Dr.
User ID (UID) | The identification number of the certificate owner.