Cisco ASA 5505 Configuration Manual page 1367

Asa 5500 series

Chapter 64 General VPN Setup
OL-20339-01
Delete—Deletes the selected script. There is no confirmation or undo.
Use the entire DN as the username—Specifies that you want to use the entire Distinguished Name field of the certificate as the username.
Specify the certificate fields to be used as the username—Specifies one or more fields to combine into the username.
Primary Field—Selects the first field to use in the certificate for the username. If this value is found, the secondary field is ignored.
Secondary Field—Selects the field to use if the primary field is not found.
Find—Enter a GUI label or a CLI command to use as a search string, then click Next or Previous to begin the search.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
Adding or Editing Content to a Script for Certificate Pre-Fill-Username
The Add or Edit Script Content dialog box lets you create an authentication or authorization script.
Note
Both AnyConnect client and clientless WebVPN display "Unknown" in the username field when pre-fill-username from certificate using a script cannot find the username in the client certificate.
Fields
Script Name—Specify the name of the script. The script name must be the same in both authorization and authentication. You define the script here, and CLI uses the same script to perform this function.
Select script parameters—Specify the attributes and content of the script.
Value for Username—Select an attribute from the drop-down list of standard DN attributes to use as the username (Subject DN).
No Filtering—Specify that you want to use the entire specified DN name.
Filter by substring—Specify the Starting Index (the position in the string of the first character to match) and Ending Index (number of characters to search). If you choose this option, the starting index cannot be blank. If you leave the ending index blank, it defaults to -1, indicating that the entire string is searched for a match.
For example, suppose you selected the DN attribute Common Name (CN), which contains a value of host/user. Table 64-1 shows some possible ways you might filter this value using the substring option to achieve various return values. The Return Value is what is actually pre-filled as the username.
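An added example, not from the Cisco guide: a Python model of the script's attribute selection and substring filter, for dry-running index values against sample Subject DNs before the script is deployed. It follows this page's wording (ending index as a character count, blank meaning -1) and assumes 1-based positions and that an empty result counts as "not found"; the function names and sample DNs are constructed.

```python
import re

UNKNOWN = "Unknown"  # shown by the clients when the script finds no username

def parse_dn(dn):
    """Split a simple comma-separated Subject DN into {ATTRIBUTE: value}.
    Simplified: multi-valued RDNs ('+') and hex-encoded values are not handled."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, sep, value = rdn.partition("=")
        if sep:
            attrs.setdefault(key.strip().upper(), value.strip().replace("\\,", ","))
    return attrs

def substring_filter(value, start, end=None):
    """Filter by substring, following the page's wording: start is the position of
    the first character, end is the number of characters, blank end means -1
    (entire string). Assumption: positions are 1-based."""
    if start is None:
        raise ValueError("starting index cannot be blank")
    if start < 1:
        raise ValueError("starting index must be 1 or greater (assumed 1-based)")
    if end is not None and end < -1:
        raise ValueError("ending index must be -1 or a character count")
    tail = value[start - 1:]
    return tail if end in (None, -1) else tail[:end]

def prefill_username(dn, attribute, start=None, end=None, filtering=False):
    """Model of the script: pick one DN attribute, optionally filter it.
    Assumption: an empty result counts as 'username not found'."""
    value = parse_dn(dn).get(attribute.upper())
    if value and filtering:
        value = substring_filter(value, start, end)
    return value or UNKNOWN

# Constructed sample subjects for a dry run before the script is deployed.
SAMPLES = [
    "CN=host/user,OU=Engineering,O=Example Corp",
    "CN=server/alice,OU=Engineering,O=Example Corp",  # longer prefix than 'host/'
    "OU=Kiosk,O=Example Corp",                        # no CN at all
]

def dry_run(attribute, start, end=None):
    """Return {subject: pre-filled username} so mismatches can be reviewed."""
    return {dn: prefill_username(dn, attribute, start, end, filtering=True) for dn in SAMPLES}

if __name__ == "__main__":
    for dn, user in dry_run("CN", 6).items():
        print(f"{user!r:12} <- {dn}")
```

With a starting index of 6, the constructed CN server/alice yields r/alice, so a fixed index is only reliable when every issued certificate uses the same prefix length.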
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring SSL VPN Connections
64-57
