Chapter 64
General VPN Setup
OL-20339-01

–  Delete—Deletes the selected script. There is no confirmation or undo.
–  Use the entire DN as the username—Specifies that you want to use the entire Distinguished Name field of the certificate as the username.
–  Specify the certificate fields to be used as the username—Specifies one or more fields to combine into the username.
–  Primary Field—Selects the first field to use in the certificate for the username. If this value is found, the secondary field is ignored.
–  Secondary Field—Selects the field to use if the primary field is not found.
•  Find—Enter a GUI label or a CLI command to use as a search string, then click Next or Previous to begin the search.

Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
                                      Multiple
Routed      Transparent    Single     Context    System
•           —              •          —          —

Adding or Editing Content to a Script for Certificate Pre-Fill-Username
The Add or Edit Script Content dialog box lets you create an authentication or authorization script.

Note
Both the AnyConnect client and clientless WebVPN display "Unknown" in the username field when pre-fill-username from certificate using a script cannot find the username in the client certificate.

Fields
•  Script Name—Specify the name of the script. The script name must be the same in both authorization and authentication. You define the script here, and CLI uses the same script to perform this function.
•  Select script parameters—Specify the attributes and content of the script.
•  Value for Username—Select an attribute from the drop-down list of standard DN attributes to use as the username (Subject DN).
•  No Filtering—Specify that you want to use the entire specified DN name.
•  Filter by substring—Specify the Starting Index (the position in the string of the first character to match) and Ending Index (number of characters to search). If you choose this option, the starting index cannot be blank. If you leave the ending index blank, it defaults to -1, indicating that the entire string is searched for a match.

For example, suppose you selected the DN attribute Common Name (CN), which contains a value of host/user. Table 64-1 shows some possible ways you might filter this value using the substring option to achieve various return values. The Return Value is what is actually pre-filled as the username.
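The following Python model is an added example, not part of the Cisco guide or the ASA script itself. It shows how the Value for Username, No Filtering, and Filter by substring choices described above determine the pre-filled username, and lists which certificates end up sharing a username or falling back to "Unknown". Assumptions: the Starting Index is 1-based and the Ending Index is the 1-based position of the last character kept (verify against Table 64-1 and the device); the function names and sample DNs are constructed for illustration.

```python
import re
from collections import defaultdict

UNKNOWN = "Unknown"  # shown by the clients when no username is found (see the Note above)

def parse_dn(dn):
    """Split a DN string into {ATTR: value}; simplified RFC 4514 handling
    (backslash-escaped commas only, no multi-valued RDNs)."""
    fields = {}
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if sep:
            # First occurrence of an attribute wins (assumption).
            fields.setdefault(attr.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip()))
    return fields

def substring_filter(value, start, end=-1):
    """ASSUMED semantics: 1-based start, inclusive 1-based end position;
    end == -1 (the default for a blank Ending Index) means "to the end"."""
    if start is None or start < 1:
        raise ValueError("Starting Index cannot be blank")
    return value[start - 1:] if end == -1 else value[start - 1:end]

def script_username(dn, attr, start=None, end=-1):
    """Model of the script: pick one DN attribute, then apply No Filtering
    (start is None) or Filter by substring."""
    value = parse_dn(dn).get(attr.upper())
    if value and start is not None:
        value = substring_filter(value, start, end)
    return value or UNKNOWN  # empty result treated as "not found" (assumption)

def audit(dns, attr, start=None, end=-1):
    """Map each derived username to the DNs that produce it, so shared or
    'Unknown' usernames are visible before the script is deployed."""
    result = defaultdict(list)
    for dn in dns:
        result[script_username(dn, attr, start, end)].append(dn)
    return dict(result)

# Constructed sample subject DNs (not from any real deployment).
SAMPLE_DNS = [
    "CN=host/user,OU=Eng,O=Example\\, Inc.,C=US",
    "CN=host/admin,OU=Ops,O=Example\\, Inc.,C=US",
    "OU=Kiosk,O=Example\\, Inc.,C=US",  # no CN at all
]

if __name__ == "__main__":
    for name, dns in audit(SAMPLE_DNS, "CN", start=1, end=4).items():
        print(f"{name!r}: {len(dns)} certificate(s)")
```

With the constructed samples, a filter of Starting Index 1 and Ending Index 4 maps both CN-bearing certificates to the same username, and the certificate without a CN yields "Unknown".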
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring SSL VPN Connections