Configuring The Serverlist Attribute; Configuring The Certificate Match Attribute; Certificate Key Usage Matching - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Administration guide

Chapter 7: Configuring and Using AnyConnect Client Operating Modes and User Profiles
(Cisco AnyConnect VPN Client Administrator Guide, OL-12950-012, page 7-12)

Configuring Profile Attributes

You must also specify on the security appliance that you want to allow SBL (or any other modules for
additional features). See the section Enabling Modules for Additional AnyConnect Features, page 6-4
(ASDM) or Enabling Modules for Additional AnyConnect Features, page 5-5 (CLI) for a description of
how to do this.

Configuring the ServerList Attribute

One of the main uses of the profile is to supply the user of the client with a list of hosts to which
they can connect. The user then selects the appropriate server. This server list consists of host name
and host address pairs. The host name can be an alias used to refer to the host, an FQDN, or an IP
address. If an FQDN or IP address is used, a HostAddress element is not required. When establishing a
connection, the client uses the host address as the connection address if one is supplied. This allows
the host name to be an alias or other name that need not be directly tied to a network-addressable
host. If no host address is supplied, the client attempts to connect to the host name.

As part of the definition of the server list, a default server can be specified. This default server is
identified as such the first time a user attempts a connection using the client. If a user connects to
a server other than the default, the selected server becomes the new default for that user. The user
selection does not alter the contents of the profile. Instead, the user selection is entered into the
user preferences.

<?xml version="1.0" encoding="UTF-8" ?>
<Configuration>
  <ServerList>
    <!-- HostName is the name shown to the user; HostAddress is the connection address -->
    <HostEntry>
      <HostName>MarketingASA01</HostName>
      <HostAddress>209.165.200.224</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>EngineeringASA01</HostName>
      <HostAddress>209.165.200.225</HostAddress>
    </HostEntry>
  </ServerList>
</Configuration>

Configuring the Certificate Match Attribute

The AnyConnect client supports the following certificate match types. Some or all of these may be used
for client certificate matching. Certificate matching criteria are global criteria that can be set in an
AnyConnect profile. The criteria are:

- Key Usage
- Extended Key Usage
- Distinguished Name

Certificate Key Usage Matching

Certificate key usage offers a set of constraints on the broad types of operations that can be performed
with a given certificate. The supported set includes:

- DIGITAL_SIGNATURE
- NON_REPUDIATION
- KEY_ENCIPHERMENT
