Cisco ASA Series Cli Configuration Manual page 2132

Configuring an External LDAP Server
Table 1-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name
IPsec-Authentication
IPsec-Auth-On-Rekey
IPsec-Backup-Server-List
IPsec-Backup-Servers
IPsec-Client-Firewall-Filter- Name
IPsec-Client-Firewall-Filter-
Optional
IPsec-Default-Domain
IPsec-Extended-Auth-On-Rekey
IPsec-IKE-Peer-ID-Check
IPsec-IP-Compression
IPsec-Mode-Config
IPsec-Over-UDP
IPsec-Over-UDP-Port
IPsec-Required-Client-Firewall-
Capability
IPsec-Sec-Association
IPsec-Split-DNS-Names
Cisco ASA Series CLI Configuration Guide
1-8
Appendix 1
VPN Syntax/
3000 ASA PIX Type
Y Y Y Integer
Y Y Y Boolean Single
Y Y Y String
Y Y Y String
Y String
Y Y Y Integer
Y Y Y String
Y Y String
Y Y Y Integer
Y Y Y Integer
Y Y Y Boolean Single
Y Y Y Boolean Single
Y Y Y Integer
Y Y Y Integer
Y String
Y Y Y String
Configuring an External Server for Authorization and Authentication
Single or
Multi-Value
d Possible Values
Single 0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI (RSA)
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos or Active Directory
0 = Disabled
1 = Enabled
Single Server addresses (space delimited)
Single 1 = Use client-configured list
2 = Disabled and clear client list
3 = Use backup server list
Single Specifies the name of the filter to be
pushed to the client as firewall
policy.
Single 0 = Required
1 = Optional
Single Specifies the single default domain
name to send to the client (1 - 255
characters).
Single String
Single 1 = Required
2 = If supported by peer certificate
3 = Do not check
Single 0 = Disabled
1 = Enabled
0 = Disabled
1 = Enabled
0 = Disabled
1 = Enabled
Single 4001 - 49151; The default is 10000.
Single 0 = None
1 = Policy defined by remote FW
Are-You-There (AYT)
2 = Policy pushed CPP
4 = Policy from server
Single Name of the security association
Single Specifies the list of secondary
domain names to send to the client
(1 - 255 characters).