Configuring SSL VPN Connections
•
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Configuring Authorization Attributes for an SSL VPN Connection Profile
The Authorization dialog box lets you view, add, edit, or delete interface-specific authorization server
groups. Each row of the table on this dialog box shows the status of one interface-specific server group:
the interface name, its associated server group, and whether fallback to the local database is enabled if
the selected server group fails.
Fields
•
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-56
Use the entire DN as the username—Uses the entire subject DN (RFC1779) to derive a name for an
authorization query from a digital certificate.
Use script to select username—Names the script from which to extract a username from a digital
certificate. The default is --None--.
–
Add or Edit—Opens the Add or Edit Script Content dialog box, in which you can define a script
to use in mapping the username from the certificate.
Delete—Deletes the selected script. There is no confirmation or undo.
–
Security Context
Transparent Single
—
•
Authorization Server Group—Specifies an authorization server group from which to draw
authorization parameters.
Server Group—Selects an authorization server group to use. The default is none.
–
Manage—Opens the Configure AAA Server Groups dialog box.
–
Users must exist in the authorization database to connect—Select this check box to require that
–
users meet this criterion.
Interface-specific Authorization Server Groups—Manages the assignment of authorization server
groups to specific interfaces.
Add or Edit—Opens the Assign Authentication Server Group to Interface dialog box, in which
–
you can specify the interface and server group, and specify whether to allow fallback to the
LOCAL database if the selected server group fails. The Manage button on this dialog box opens
the Configure AAA Server Groups dialog box. Your selections appear in the Interface/Server
Group table.
Delete—Removes the selected server group from the table. There is no confirmation or undo.
–
Username Mapping from Certificate—Specify the fields in a digital certificate from which to extract
the username.
Use script to select username—Names the script from which to extract a username from a digital
–
certificate. The default is --None--.
Add or Edit—Opens the Add or Edit Script Content dialog box, in which you can define a script
–
to use in mapping the username from the certificate.
Multiple
Context
System
—
—
Chapter 64
General VPN Setup
OL-20339-01