Chapter 64
General VPN Setup
Mapping Certificates to IPsec or SSL VPN Connection Profiles
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 64-75

| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System |
| --- | --- | --- | --- | --- |
| • | — | • | — | — |

Add/Edit Certificate Matching Rule Criterion
Use the Add/Edit Certificate Matching Rule Criterion dialog box to configure a certificate matching rule criterion for the selected connection profile.

Fields
• Rule Priority—(Display only). Sequence in which the adaptive security appliance evaluates the map when it receives a connection request. The adaptive security appliance evaluates each connection against the map with the lowest priority number first.
• Mapped to Group—(Display only). Connection profile to which the rule is assigned.
• Field—Select the part of the certificate to be evaluated from the drop-down list.
  – Subject—The person or system that uses the certificate. For a CA root certificate, the Subject and Issuer are the same.
  – Alternative Subject—The subject alternative names extension allows additional identities to be bound to the subject of the certificate.
  – Issuer—The CA or other entity (jurisdiction) that issued the certificate.
  – Extended Key Usage—An extension of the client certificate that provides further criteria that you can choose to match.
• Component—(Applies only if Subject or Issuer is selected.) Select the distinguished name component used in the rule:

| DN Field | Definition |
| --- | --- |
| Whole Field | The entire DN. |
| Country (C) | The two-letter country abbreviation. These codes conform to ISO 3166 country abbreviations. |
| Common Name (CN) | The name of a person, system, or other entity. This is the lowest (most specific) level in the identification hierarchy. |
| DN Qualifier (DNQ) | A specific DN attribute. |
| E-mail Address (EA) | The e-mail address of the person, system or entity that owns the certificate. |
| Generational Qualifier (GENQ) | A generational qualifier such as Jr., Sr., or III. |
| Given Name (GN) | The first name of the certificate owner. |
| Initials (I) | The first letters of each part of the certificate owner's name. |
| Locality (L) | The city or town where the organization is located. |
| Name (N) | The name of the certificate owner. |
| Organization (O) | The name of the company, institution, agency, association, or other entity. |
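The following is an added example, not code from the Cisco guide or the appliance: a small Python model of how the Rule Priority, Field and Component settings described above interact, showing that a broad rule with a lower priority number wins over a more specific rule evaluated later. The profile names, the sample certificate, the "equals"/"contains" operators and the one-criterion-per-rule simplification are assumptions made for illustration.

```python
from dataclasses import dataclass

def parse_dn(dn):
    """Split 'CN=a,O=b,C=US' into {tag: [values]}; escaped commas are not handled."""
    parts = {}
    for rdn in dn.split(","):
        tag, _, value = rdn.partition("=")
        parts.setdefault(tag.strip().upper(), []).append(value.strip())
    return parts

@dataclass
class Rule:
    priority: int    # Rule Priority: lowest number is evaluated first
    profile: str     # Mapped to Group: connection profile name
    field: str       # "subject" or "issuer"
    component: str   # DN tag (C, CN, O, ...) or "WHOLE" for Whole Field
    op: str          # assumed operators: "equals" or "contains"
    value: str

def rule_matches(rule, cert):
    dn = cert[rule.field]
    candidates = [dn] if rule.component == "WHOLE" else parse_dn(dn).get(rule.component, [])
    if rule.op == "equals":
        return any(c == rule.value for c in candidates)
    return any(rule.value in c for c in candidates)

def matching_rules(rules, cert):
    """All rules the certificate satisfies, in evaluation order."""
    return [r for r in sorted(rules, key=lambda r: r.priority) if rule_matches(r, cert)]

def map_profile(rules, cert, default=None):
    """Profile of the first matching rule; later matches are never reached."""
    hits = matching_rules(rules, cert)
    return hits[0].profile if hits else default

# Constructed sample data (hypothetical names, not from the guide).
CERT = {"subject": "CN=alice.admin,O=Example Corp,C=US",
        "issuer": "CN=Example Issuing CA,O=Example Corp,C=US"}
RULES = [
    Rule(20, "Admins", "subject", "CN", "contains", "admin"),
    Rule(10, "Employees", "subject", "O", "equals", "Example Corp"),
]

if __name__ == "__main__":
    print("selected:", map_profile(RULES, CERT))
    print("shadowed:", [r.profile for r in matching_rules(RULES, CERT)[1:]])
```

Running `matching_rules` over a set of representative certificates before deploying a rule set shows which rules are shadowed by a lower priority number and would never select their connection profile.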