Cisco ASA Series Cli Configuration Manual page 2133

Appendix 1 Configuring an External Server for Authorization and Authentication
Table 1-2 ASA Supported Cisco Attributes for LDAP Authorization (continued)
Attribute Name
IPsec-Split-Tunneling-Policy
IPsec-Split-Tunnel-List
IPsec-Tunnel-Type
L2TP-Encryption
L2TP-MPPC-Compression
MS-Client-Subnet-Mask
PFS-Required
Port-Forwarding-Name
PPTP-Encryption
PPTP-MPPC-Compression
Primary-DNS
Primary-WINS
Privilege-Level
Required-Client-
Firewall-Vendor-Code
VPN Syntax/
3000 ASA PIX Type
Y Y Y Integer
Y Y Y String
Y Y Y Integer
Y Integer
Y Integer
Y Y Y String
Y Y Y Boolean Single
Y Y String
Y Integer
Y Integer
Y Y Y String
Y Y Y String
Integer
Y Y Y Integer
Configuring an External LDAP Server
Single or
Multi-Value
d Possible Values
Single 0 = Tunnel everything
1 = Split tunneling
2 = Local LAN permitted
Single Specifies the name of the network or
access list that describes the split
tunnel inclusion list.
Single 1 = LAN-to-LAN
2 = Remote access
Single Bitmap:
1 = Encryption required
2 = 40 bit
4 = 128 bits
8 = Stateless-Req
15 = 40/128-Encr/Stateless-Req
Single 0 = Disabled
1 = Enabled
Single An IP address
0 = No
1 = Yes
Single Name string (for example,
"Corporate-Apps")
Single Bitmap:
1 = Encryption required
2 = 40 bits
4 = 128 bits
8 = Stateless-Required
Example:
15 = 40/128-Encr/Stateless-Req
Single 0 = Disabled
1 = Enabled
Single An IP address
Single An IP address
Single For usernames, 0 - 15
Single 1 = Cisco Systems (with Cisco
Integrated Client)
2 = Zone Labs
3 = NetworkICE
4 = Sygate
5 = Cisco Systems (with Cisco
Intrusion Prevention Security
Agent)
Cisco ASA Series CLI Configuration Guide
1-9