Cisco FirePOWER ASA 5500 series Configuration Manual page 920

Configuring an External LDAP Server
Table E-2 Security Appliance Supported LDAP Cisco Schema Attributes (continued)
Attribute Name/
OID (Object Identifier)
cVPN3000-IPSec-Client-Firewall-Filter-
Name
cVPN3000-IPSec-Client-Firewall-Filter-
Optional
cVPN3000-IPSec-Backup-Servers
cVPN3000-IPSec-Backup-Server-List
cVPN3000-Client-Intercept-DHCP-
Configure-Msg
cVPN3000-MS-Client-Subnet-Mask
cVPN3000-Allow-Network-Extension-
Mode
cVPN3000-Strip-Realm
cVPN3000-Cisco-AV-Pair
cVPN3000-User-Auth-Server-Name
cVPN3000-User-Auth-Server-Port
cVPN3000-User-Auth-Server-Secret
cVPN3000-Confidence-Interval
cVPN3000-Cisco-LEAP-Bypass
cVPN3000-DHCP-Network-Scope
Cisco Security Appliance Command Line Configuration Guide
E-10
Appendix E Configuring an External Server for Authorization and Authentication
VPN Attr.
1
3000 ASA PIX OID
Y 40
Y Y Y 41
Y Y Y 42
Y Y Y 43
Y Y Y 44
Y Y Y 45
Y Y Y 46
Y Y Y 47
Y Y Y 48
Y 49
Y 50
Y 51
Y Y Y 52
Y Y Y 53
Y Y Y 54
Single
or
Syntax/ Multi-
Type Valued Possible Values
String Single Specifies the name of the filter
to be pushed to the client as
firewall policy.
Integer Single 0 = Required
1 = Optional
String Single 1 = Use Client-Configured list
2 = Disabled and clear client
list
3 = Use Backup Server list
String Single Server Addresses (space
delimited)
Boolean Single 0 = Disabled
1 = Enabled
String Single An IP address
Boolean Single 0 = Disabled
1 = Enabled
Boolean Single 0 = Disabled
1 = Enabled
String Multi An octet string in the following
format:
[Prefix] [Action] [Protocol]
[Source] [Source Wildcard
Mask] [Destination]
[Destination Wildcard Mask]
[Established] [Log] [Operator]
[Port]
For more information, see
"Cisco -AV-Pair Attribute
Syntax."
String Single IP address or hostname
Integer Single Port number for server protocol
String Single Server password
Integer Single 10 - 300 seconds
Integer Single 0 = Disabled
1 = Enabled
String Single IP address
OL-10088-01