Appendix E
Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03

Table E-2  Security Appliance Supported LDAP Cisco Schema Attributes (continued)

Attribute Name / OID (1)          Attr. Syntax/Type   Single or Multi-Valued   Possible Values
WebVPN-SVC-Enable / 85            Integer             Single                   0 = Disabled; 1 = Enabled
WebVPN-SVC-Gateway-DPD / 98       Integer             Single                   0 = Disabled; n = Dead Peer Detection value in seconds (30 - 3600)
WebVPN-SVC-Keepalive / 96         Integer             Single                   0 = Disabled; n = Keepalive value in seconds (15 - 600)
WebVPN-SVC-Keep-Enable / 87       Integer             Single                   0 = Disabled; 1 = Enabled
WebVPN-SVC-Rekey-Method / 100     Integer             Single                   0 = None; 1 = SSL; 2 = New tunnel; 3 = Any (sets to SSL)
WebVPN-SVC-Rekey-Period / 99      Integer             Single                   0 = Disabled; n = Retry period in minutes (4 - 10080)
WebVPN-SVC-Required-Enable / 86   Integer             Single                   0 = Disabled; 1 = Enabled
WebVPN-Unix-GID                   -                   -                        -
WebVPN-Unix-UID                   -                   -                        -
WebVPN-URL-Entry-Enable / 75      Integer             Single                   0 = Disabled; 1 = Enabled
WebVPN-URL-List / 70              String              Single                   URL-list name
X509-Cert-Data                    -                   -                        -

Rows marked "-" have no OID, type or value entries on this page. The table's platform-support columns (VPN 3000 / ASA / PIX) carry 17 "Y" marks for these 12 rows in the source, but the per-row assignment did not survive extraction and is not reproduced here.

1. To get the complete Object Identifier of each attribute, append the number in the column to the end of 1.2.840.113556.8000.795.2. Thus, the OID of the first attribute in the table, Access-Hours, is 1.2.840.113556.8000.795.2.1. Likewise, the OID of the last attribute in the table, WebVPN-SVC-Compression, is 1.2.840.113556.8000.795.2.115.

Cisco-AV-Pair Attribute Syntax

The syntax of each Cisco-AV-Pair rule is as follows:

[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard Mask] [Established] [Log] [Operator] [Port]

Table E-3 describes the syntax rules.

E-13
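A parser that splits a Cisco-AV-Pair ACL rule into the fields listed above, added here as an example and not code from the Cisco guide; it is the kind of check an administrator can run over values pulled from the LDAP directory before trusting them as per-user ACLs. Two things this page does not spell out are assumed: that the prefix has the form ip:inacl#N= (or ip:outacl#N=), and that the operator set is eq/neq/lt/gt/range, with range taking two ports.

```python
import ipaddress
import re

# Field order follows the Cisco-AV-Pair syntax line above; everything after the
# destination is optional. The "ip:inacl#N=" prefix form and the operator set
# are assumptions for this example (Table E-3 is not on this page).
PREFIX_RE = re.compile(r"^(?P<prefix>ip:(?:in|out)acl#\d+)=(?P<rule>.*)$")
ACTIONS = {"permit", "deny"}
PORT_OPERATORS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operand count


def _take_endpoint(tokens, i):
    """Return (endpoint, next index): 'any' alone, else address + wildcard mask."""
    if i < len(tokens) and tokens[i].lower() == "any":
        return {"addr": "any", "wildcard": None}, i + 1
    if i + 1 >= len(tokens):
        raise ValueError("address must be followed by a wildcard mask")
    addr = ipaddress.IPv4Address(tokens[i])          # raises ValueError if malformed
    wildcard = ipaddress.IPv4Address(tokens[i + 1])  # 0 bits must match, 1 bits are wild
    return {"addr": str(addr), "wildcard": str(wildcard)}, i + 2


def parse_av_pair(text):
    """Parse one Cisco-AV-Pair ACL rule into its fields; ValueError on bad syntax."""
    m = PREFIX_RE.match(text.strip())
    if not m:
        raise ValueError("missing or malformed prefix")
    tokens = m.group("rule").split()
    if len(tokens) < 4:
        raise ValueError("rule needs at least action, protocol, source, destination")
    rule = {"prefix": m.group("prefix"), "action": tokens[0].lower(),
            "protocol": tokens[1].lower()}
    if rule["action"] not in ACTIONS:
        raise ValueError(f"unknown action {tokens[0]!r}")
    rule["source"], i = _take_endpoint(tokens, 2)
    rule["destination"], i = _take_endpoint(tokens, i)
    rule.update(established=False, log=False, operator=None, port=None)
    rest = [t.lower() for t in tokens[i:]]
    if rest and rest[0] == "established":   # [Established] comes before [Log]
        rule["established"] = True
        rest.pop(0)
    if rest and rest[0] == "log":
        rule["log"] = True
        rest.pop(0)
    if rest:                                 # [Operator] [Port] close the rule
        op = rest.pop(0)
        if op not in PORT_OPERATORS or len(rest) != PORT_OPERATORS[op]:
            raise ValueError(f"bad operator/port clause: {op} {' '.join(rest)}")
        ports = [int(p) for p in rest]
        if any(not 0 <= p <= 65535 for p in ports):
            raise ValueError("port out of range")
        rule["operator"], rule["port"] = op, (ports if op == "range" else ports[0])
    return rule
```

A rule that fails to parse should be rejected rather than partially applied, since a malformed entry in the directory otherwise silently loses the intended filtering.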