Cisco ASA 5505 Configuration Manual page 1375

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

General VPN Setup

The following table shows the modes in which this feature is available:

Firewall Mode

Add or Edit SSL VPN Connections > Advanced > Authorization

This dialog box lets you configure the default authorization server group, interface-specific

authorization server groups, and user name mapping attributes. The attributes are the same for SSL VPN

and Clientless SSL VPN connections.

Interface—Selects an interface, DMZ, Outside, or Inside. The default is DMZ.

Server Group—Selects a server group to assign to the selected interface. The default is LOCAL.

Manage—Opens the Configure AAA Server Groups dialog box.

Fallback—Enables or disables fallback to LOCAL if the selected server group fails.

Security Context

Transparent Single

Default Authorization Server Group—Configures default authorization server group attributes.

Server Group—Selects the authorization server group to use for this connection. The default is

Manage—Opens the Configure AAA Server Groups dialog box.

Users must exist in the authorization database to connect—Enables or disables this requirement.

Interface-specific Authorization Server Groups

Table—Lists each configured interface and the server group with which it is associated.

Add or Edit—Opens the Assign Authorization Server Group to Interface dialog box.

Delete—Removes the selected row from the table.

User Name Mapping—Specifies user name mapping attributes.

Username Mapping from Certificate—Lets you specify the fields in a digital certificate from which

to extract the username.

Pre-fill Username from Certificate—Check to extract the names to be used for secondary

authentication from the primary and secondary fields specified in this panel. You must configure

the authentication method for both AAA and certificates before checking this attribute.

Hide username from end user—Specifies not to display the extracted username to the end user.

Use script to select username—Names the script from which to extract a username from a digital

certificate. The default is --None--.

Add or Edit—Opens the Add or Edit Script Content dialog box, in which you can define a script

to use in mapping the username from the certificate.

Delete—Deletes the selected script. There is no confirmation or undo.

Configuring Clientless SSL VPN Connections

Cisco ASA 5500 Series Configuration Guide using ASDM

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 1375

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents