Cisco PIX 500 Series Configuration Manual page 1065

Security appliance command line

Appendix E
Configuring an External Server for Authorization and Authentication
OL-12172-03

Table E-4  Security Appliance-Supported Tokens

Token    Syntax Field  Description
-------  ------------  -----------
deny     Action        Denies action. (Default)
permit   Action        Allows action.
icmp     Protocol      Internet Control Message Protocol (ICMP)
1        Protocol      Internet Control Message Protocol (ICMP)
IP       Protocol      Internet Protocol (IP)
0        Protocol      Internet Protocol (IP)
TCP      Protocol      Transmission Control Protocol (TCP)
6        Protocol      Transmission Control Protocol (TCP)
UDP      Protocol      User Datagram Protocol (UDP)
17       Protocol      User Datagram Protocol (UDP)
any      Hostname      Rule applies to any host.
host     Hostname      Any alpha-numeric string that denotes a hostname.
log      Log           When the event is hit, a filter log message appears. (Same as permit and log or deny and log.)
lt       Operator      Less than value
gt       Operator      Greater than value
eq       Operator      Equal to value
neq      Operator      Not equal to value
range    Operator      Inclusive range. Should be followed by two values.

Example Security Appliance Authorization Schema

This section provides a sample of an LDAP schema. This schema supports the security appliance class and attributes. It is specific to the Microsoft Active Directory LDAP server. Use it as a model, with Table E-2, to define your own schema for your own LDAP server.

Schema 3k_schema.ldif

dn: CN=Access-Hours,CN=Schema,CN=Configuration,OU=People,DC=ExampleCorporation,DC=com
changetype: add
adminDisplayName: Access-Hours
attributeID: 1.2.840.113556.1.8000.795.2.1
attributeSyntax: 2.5.5.3
cn: Access-Hours
instanceType: 4
isSingleValued: TRUE
lDAPDisplayName: Access-Hours
distinguishedName: CN=Access-Hours,CN=Schema,CN=Configuration,OU=People,DC=ExampleCorporation,DC=com
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,OU=People,DC=ExampleCorporation,DC=com
objectClass: attributeSchema
oMSyntax: 27
name: Access-Hours
showInAdvancedViewOnly: TRUE
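
An added example, not part of the Cisco guide: a pre-import check for an LDIF entry modelled on the sample schema, which unfolds continuation lines per RFC 2849 and flags values that were wrapped without the required leading space, a defect that is easy to introduce when copying LDIF out of a paginated manual. The consistency rules (distinguishedName equals dn, cn equals the first RDN of dn) are assumptions taken from the sample entry, and `lint_entry`, `BROKEN` and `FOLDED` are names made up for this example.

```python
import re

BASE = "CN=Schema,CN=Configuration,OU=People,DC=ExampleCorporation,DC=com"
# Constructed input: the page's Access-Hours entry, abridged, with the long
# distinguishedName value wrapped onto its own line without the leading space
# that RFC 2849 requires on a continuation line.
BROKEN = f"""dn: CN=Access-Hours,{BASE}
changetype: add
attributeID: 1.2.840.113556.1.8000.795.2.1
cn: Access-Hours
distinguishedName:
CN=Access-Hours,{BASE}
objectClass: attributeSchema
"""
# The same entry with the wrapped value folded correctly (one leading space).
FOLDED = BROKEN.replace("distinguishedName:\n", "distinguishedName:\n ")


def lint_entry(text):
    """Unfold one LDIF entry and return (attrs, problems).

    Handles plain 'attr: value' lines only; base64 ('::') and URL (':<')
    values and escaped commas in DNs are outside this check.
    """
    logical, problems, attrs = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and logical:      # continuation: drop one space
            logical[-1][1] += raw[1:]
        elif raw and not raw.startswith("#"):    # skip blank lines and comments
            logical.append([n, raw])
    for n, line in logical:
        name, sep, value = line.partition(":")
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", name):
            problems.append(f"line {n}: not 'attr: value'; unfolded wrap?")
        elif not value.strip():
            problems.append(f"line {n}: {name} has no value")
        else:
            attrs[name.lower()] = value.strip()
    dn = attrs.get("dn", "")
    # Assumed rule from the sample: distinguishedName repeats the dn.
    if attrs.get("distinguishedname", dn).lower() != dn.lower():
        problems.append("distinguishedName differs from dn")
    # Assumed rule from the sample: cn equals the value of the dn's first RDN.
    rdn_value = dn.split(",")[0].partition("=")[2]
    if attrs.get("cn", rdn_value).lower() != rdn_value.lower():
        problems.append("cn differs from the first RDN of dn")
    if not re.fullmatch(r"\d+(\.\d+)+", attrs.get("attributeid", "")):
        problems.append("attributeID is not a dotted-decimal OID")
    return attrs, problems
```

Running `lint_entry(BROKEN)` reports the empty `distinguishedName` line and the stray line that follows it; `lint_entry(FOLDED)` reports nothing.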
Cisco Security Appliance Command Line Configuration Guide
Configuring an External LDAP Server
E-15

This manual is also suitable for:

ASA 5500 series
