Cisco ASA 5505 Configuration Manual page 1745

Appendix B Configuring an External Server for Authorization and Authentication
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/
WebVPN-Port-Forwarding-
HTTP-Proxy-Enable
WebVPN-Single-Sign-On-
Server-Name
WebVPN-SVC-Client-DPD
WebVPN-SVC-Compression
WebVPN-SVC-Enable
WebVPN-SVC-Gateway-DPD
WebVPN-SVC-Keepalive
WebVPN-SVC-Keep-Enable
WebVPN-SVC-Rekey-Method
WebVPN-SVC-Rekey-Period
WebVPN-SVC-Required-Enable
WebVPN-URL-Entry-Enable
WebVPN-URL-List
Cisco AV Pair Attribute Syntax
The Cisco Attribute Value (AV) pair (ID# 26/9/1) can be used to enforce access lists from a Radius server
(like Cisco ACS), or from an LDAP server via an ldap-attribute-map.
The syntax of each Cisco-AV-Pair rule is as follows:
[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard
Mask] [Established] [Log] [Operator] [Port]
Table B-3
OL-20339-01
VPN 3000 ASA PIX
Y Y
Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y
describes the syntax rules.
Syntax/ Single or
Type Multi-Valued Possible Values
Integer Single 0 = Disabled
1 = Enabled
String Single Name of the SSO Server (1 - 31
characters).
Integer Single 0 = Disabled
n = Dead Peer Detection value in
seconds (30 - 3600)
Integer Single 0 = None
1 = Deflate Compression
Integer Single 0 = Disabled
1 = Enabled
Integer Single 0 = Disabled
n = Dead Peer Detection value in
seconds (30 - 3600)
Integer Single 0 = Disabled
n = Keepalive value in seconds (15 -
600)
Integer Single 0 = Disabled
1 = Enabled
Integer Single 0 = None
1 = SSL
2 = New tunnel
3 = Any (sets to SSL)
Integer Single 0 = Disabled
n = Retry period in minutes
(4 - 10080)
Integer Single 0 = Disabled
1 = Enabled
Integer Single 0 = Disabled
1 = Enabled
String Single URL-list name
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring an External LDAP Server
B-13