Cisco ASA 5505 Configuration Manual page 1362

Configuring SSL VPN Connections
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Setting Client Addressing Attributes for an AnyConnect SSL VPN Connection
The Client Addressing attributes let you configure interface-specific address pools that your connection
can use. Click Add to add a new address pool or Edit to modify an existing pool. The Select Address
Pools dialog box opens, showing a table listing the pool name, starting and ending address (or number
of addresses), and subnet mask/prefix length of any existing pools. For a complete description of Client
Addressing see
Configuring Authentication Attributes for an SSL VPN Connection Profile
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-52
In either case, and, if the password expires without being changed, the adaptive security
appliance offers the user the opportunity to change the password. If the current password has
not expired, the user can still log in using that password.
Note This does not change the number of days before the password expires, but rather, it enables
the notification. If you select this option, you must also specify the number of days.
Override account-disabled indication from AAA server—Overrides an account-disabled
–
indication from a AAA server.
Find—Enter a GUI label or a CLI command to use as a search string, then click Next or Previous to
begin the search.
Security Context
Transparent Single
—
•
Configuring Client Addressing, page
Interface-specific Authentication Server Groups—Manages the assignment of authentication server
groups to specific interfaces.
Add or Edit—Opens the Assign Authentication Server Group to Interface dialog box, in which
–
you can specify the interface and server group, and specify whether to allow fallback to the
LOCAL database if the selected server group fails. The Manage button on this dialog box opens
the Configure AAA Server Groups dialog box. Your selections appear in the Interface/Server
Group table.
– Delete—Removes the selected server group from the table. There is no confirmation or undo.
Username Mapping from Certificate—Lets you specify the methods and fields in a digital certificate
from which to extract the username.
– Pre-fill Username from Certificate—Check to extract the names to be used for authentication
from the primary and secondary fields specified in this panel. You must configure the
authentication method for both AAA and certificates before checking this attribute. To do so,
return to the Basic panel in the same window and check Both next to Method.
Hide username from end user—Specifies to not display the extracted username to the end user.
–
Multiple
Context System
— —
64-84.
Chapter 64 General VPN Setup
OL-20339-01