Cisco PIX 500 Series Configuration Manual page 1063

Appendix E Configuring an External Server for Authorization and Authentication
Table E-2 Security Appliance Supported LDAP Cisco Schema Attributes (continued)
Attribute Name/
OID (Object Identifier)
WebVPN-SVC-Enable
WebVPN-SVC-Gateway-DPD
WebVPN-SVC-Keepalive
WebVPN-SVC-Keep-Enable
WebVPN-SVC-Rekey-Method
WebVPN-SVC-Rekey-Period
WebVPN-SVC-Required-Enable
WebVPN-Unix-GID
WebVPN-Unix-UID
WebVPN-URL-Entry-Enable
WebVPN-URL-List
X509-Cert-Data
1. To get the complete Object Identifier of each attribute, append the number in the column to the end of 1.2.840.113556.8000.795.2. Thus, the OID of the
first attribute in the table, Access-Hours, is 1.2.840.113556.8000.795.2.1. Likewise, the OID of the last attribute in the table, WebVPN-SVC-Compression,
is 1.2.840.113556.8000.795.2.115.
Cisco-AV-Pair Attribute Syntax
The syntax of each Cisco-AV-Pair rule is as follows:
[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination] [Destination Wildcard
Mask] [Established] [Log] [Operator] [Port]
Table E-3
OL-12172-03
VPN
3000 ASA PIX
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y
describes the syntax rules.
Single
or
Attr. Syntax/ Multi-
1
OID Type Valued
85 Integer Single
98 Integer Single
96 Integer Single
87 Integer Single
100 Integer Single
99 Integer Single
86 Integer Single
75 Integer Single
70 String Single
Cisco Security Appliance Command Line Configuration Guide
Configuring an External LDAP Server
Possible Values
0 = Disabled
1 = Enabled
0 = Disabled
n = Dead Peer Detection value
in seconds (30 - 3600)
0 = Disabled
n = Keepalive value in seconds
(15 - 600)
0 = Disabled
1 = Enabled
0 = None
1 = SSL
2 = New tunnel
3 = Any (sets to SSL)
0 = Disabled
n = Retry period in minutes
(4 - 10080)
0 = Disabled
1 = Enabled
0 = Disabled
1 = Enabled
URL-list name
E-13