Cisco ASA 5505 Configuration Manual page 1739

Appendix B Configuring an External Server for Authorization and Authentication
Table B-2 Security Appliance Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name/
Cisco-AV-Pair
Cisco-IP-Phone-Bypass
Cisco-LEAP-Bypass
Client-Intercept-DHCP-
Configure-Msg
Client-Type-Version-Limiting
Confidence-Interval
DHCP-Network-Scope
DN-Field
Firewall-ACL-In
Firewall-ACL-Out
Group-Policy
IE-Proxy-Bypass-Local
IE-Proxy-Exception-List
OL-20339-01
Syntax/
VPN 3000 ASA PIX Type
Y Y Y String
Y Y Y Integer
Y Y Y Integer
Y Y Y Boolean Single
Y Y Y String
Y Y Y Integer
Y Y Y String
Y Y Y String
Y Y String
Y Y String
Y Y String
Boolean Single
String
Configuring an External LDAP Server
Single or
Multi-Valued Possible Values
Multi An octet string in the following
format:
[Prefix] [Action] [Protocol]
[Source] [Source Wildcard Mask]
[Destination] [Destination Wildcard
Mask] [Established] [Log]
[Operator] [Port]
For more information, see
AV Pair Attribute
Single 0 = Disabled
1 = Enabled
Single 0 = Disabled
1 = Enabled
0 = Disabled
1 = Enabled
Single IPSec VPN client version number
string
Single 10 - 300 seconds
Single IP address
Single Possible values: UID, OU, O, CN,
L, SP, C, EA, T, N, GN, SN, I,
GENQ, DNQ, SER,
use-entire-name.
Single Access list ID
Single Access list ID
Single Sets the group policy for the remote
access VPN session. For version 8.2
and later, use this attribute instead of
IETF-Radius-Class. You can use
one of the three following formats:
<group policy name>
•
OU=<group policy name>
•
• OU=<group policy name>;
0=Disabled
1=Enabled
Single A list of DNS domains. Entries must
be separated by the new line
character sequence (\n).
Cisco ASA 5500 Series Configuration Guide using ASDM
"Cisco
Syntax."
B-7