Appendix B: Configuring an External Server for Authorization and Authentication
OL-20339-01
Determining the Subnet Mask
Determining the Address to Use with the Subnet Mask
IPv6 Addresses
IPv6 Address Format
IPv6 Address Types
Unicast Addresses
Multicast Address
Anycast Address
Required Addresses
IPv6 Address Prefixes
Protocols and Applications
TCP and UDP Ports
Local Ports and Protocols
ICMP Types
Understanding Policy Enforcement of Permissions and Attributes
Configuring an External LDAP Server
Organizing the Security Appliance for LDAP Operations
Searching the Hierarchy
Binding the Security Appliance to the LDAP Server
Login DN Example for Active Directory
Defining the Security Appliance LDAP Configuration
Supported Cisco Attributes for LDAP Authorization
Cisco AV Pair Attribute Syntax
Cisco AV Pairs ACL Examples
Active Directory/LDAP VPN Remote Access Authorization Use Cases
User-Based Attributes Policy Enforcement
Placing LDAP users in a specific Group-Policy
Enforcing Static IP Address Assignment for AnyConnect Tunnels
Enforcing Dial-in Allow or Deny Access
Enforcing Logon Hours and Time-of-Day Rules
Configuring an External RADIUS Server
Reviewing the RADIUS Configuration Procedure
Security Appliance RADIUS Authorization Attributes
Security Appliance IETF RADIUS Authorization Attributes
Configuring an External TACACS+ Server
Cisco ASA 5500 Series Configuration Guide using ASDM
Contents