Cisco ASA 5505 Configuration Manual page 1573

Chapter 68 E-Mail Proxy
Fields
AAA server groups—Click to go to the AAA Server Groups panel (Configuration > Features >
•
Properties > AAA Setup > AAA Server Groups), where you can add or edit AAA server groups.
• group policies—Click to go to the Group Policy panel (Configuration > Features > VPN >
General > Group Policy), where you can add or edit group policies.
Authentication Server Group—Select the authentication server group for POP3S user
•
authentication. The default is to have no authentication servers configured. If you have set AAA as
the authentication method for POP3S (Configuration > Features AAA > VPN > E-Mail Proxy >
Authentication panel), you must configure an AAA server and select it here, or authentication
always fails.
Authorization Server Group—Select the authorization server group for POP3S user authorization.
•
The default is to have no authorization servers configured.
• Accounting Server Group—Select the accounting server group for POP3S user accounting. The
default is to have no accounting servers configured.
• Default Group Policy—Select the group policy to apply to POP3S users when AAA does not return
a CLASSID attribute. The length must be between 4 and 15 alphanumeric characters. If you do not
specify a default group policy, and there is no CLASSID, the adaptive security appliance can not
establish the session.
Authorization Settings—Lets you set values for usernames that the adaptive security appliance
•
recognizes for POP3S authorization. This applies to POP3S users that authenticate with digital
certificates and require LDAP or RADIUS authorization.
–
–
–
DN Field
Country (C)
Common Name (CN)
DN Qualifier (DNQ)
E-mail Address (EA)
Generational Qualifier
(GENQ)
Given Name (GN)
Initials (I)
Locality (L)
OL-20339-01
User the entire DN as the username—Select to use the Distinguished Name for POP3S
authorization.
Specify individual DN fields as the username—Select to specify specific DN fields for user
authorization.
You can choose two DN fields, primary and secondary. For example, if you choose EA, users
authenticate according to their e-mail address. Then a user with the Common Name (CN) John
Doe and an e-mail address of johndoe@cisco.com cannot authenticate as John Doe or as
johndoe. He must authenticate as johndoe@cisco.com. If you choose EA and O, John Does must
authenticate as johndoe@cisco.com and Cisco Systems, Inc.
Primary DN Field—Select the primary DN field you want to configure for POP3S authorization.
The default is CN. Options include the following:
Definition
The two-letter country abbreviation. These codes conform to ISO 3166
country abbreviations.
The name of a person, system, or other entity. This is the lowest (most
specific) level in the identification hierarchy.
A specific DN attribute.
The e-mail address of the person, system or entity that owns the certificate.
A generational qualifier such as Jr., Sr., or III.
The first name of the certificate owner.
The first letters of each part of the certificate owner's name.
The city or town where the organization is located.
Cisco ASA 5500 Series Configuration Guide using ASDM
AAA
68-3