
Cisco FirePOWER ASA 5500 series User Manual

989 pages
13-9
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 13 Configuring AAA Servers and the Local Database
AAA Server and Local Database Support
cVPN3000-IETF-Radius-Class — Department or user group
cVPN3000-IETF-Radius-Filter-Id — Access control list
cVPN3000-IETF-Radius-Framed-IP-Address — A static IP address
cVPN3000-IPSec-Banner1 — An organization title
cVPN3000-Tunneling-Protocols — Allow or deny dial-in
For a list of Cisco LDAP attribute names and values, see Appendix E, “Configuring an External Server
for Authorization and Authentication”. Alternatively, you can enter “?” within ldap-attribute-map mode
to display the complete list of Cisco LDAP attribute names, as shown in the following example:
hostname(config)# ldap attribute-map att_map_1
hostname(config-ldap-attribute-map)# map-name att_map_1 ?
ldap mode commands/options:
cisco-attribute-names:
cVPN3000-Access-Hours
cVPN3000-Allow-Network-Extension-Mode
cVPN3000-Auth-Service-Type
cVPN3000-Authenticated-User-Idle-Timeout
cVPN3000-Authorization-Required
cVPN3000-Authorization-Type
:
:
cVPN3000-X509-Cert-Data
hostname(config-ldap-attribute-map)#
SSO Support for WebVPN with HTTP Forms
The security appliance can use the HTTP Form protocol for single sign-on (SSO) authentication of
WebVPN users only. Single sign-on support lets WebVPN users enter a username and password only
once to access multiple protected services and Web servers. The WebVPN server running on the security
appliance acts as a proxy for the user to the authenticating server. When a user logs in, the WebVPN
server sends an SSO authentication request, including username and password, to the authenticating
server using HTTPS. If the server approves the authentication request, it returns an SSO authentication
cookie to the WebVPN server. The security appliance keeps this cookie on behalf of the user and uses it
to authenticate the user to secure websites within the domain protected by the SSO server.
In addition to the HTTP Form protocol, WebVPN administrators can choose to configure SSO with the
HTTP Basic and NTLM authentication protocols (the auto-signon command), or with the Computer
Associates eTrust SiteMinder SSO server (formerly Netegrity SiteMinder). For an in-depth
discussion of configuring SSO with HTTP Forms, auto-signon, or SiteMinder, see the Configuring
WebVPN chapter.
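The HTTP Form SSO flow described above, modeled as an added Python example (not code from the Cisco guide or the appliance): a proxy logs in for the user, keeps the returned cookie, and attaches it only to hosts inside the SSO domain. The class names, the SSOSESSION cookie name, the corp.example domain and the label-boundary domain match are assumptions made for illustration.

```python
"""Simplified model of form-based SSO proxying (illustrative, not Cisco code)."""
import hmac
import secrets


class AuthServer:
    """Stand-in for the authenticating server; the user store is sample data."""

    def __init__(self, users):
        self._users = users      # username -> password (constructed sample only)
        self._sessions = {}      # issued cookie value -> username

    def login(self, username, password):
        expected = self._users.get(username)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return None          # request rejected: no cookie is issued
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = username
        return cookie

    def whoami(self, cookie):
        return self._sessions.get(cookie)


class SsoProxy:
    """Stand-in for the WebVPN server, which keeps the cookie for the user."""

    def __init__(self, auth_server, sso_domain):
        self._auth = auth_server
        self._domain = sso_domain.lower().lstrip(".")
        self._cookies = {}       # username -> SSO cookie held by the proxy

    def login(self, username, password):
        cookie = self._auth.login(username, password)
        if cookie is None:
            return False
        self._cookies[username] = cookie
        return True

    def in_domain(self, host):
        # Assumption: match on a DNS label boundary, so "evilcorp.example"
        # is not treated as part of "corp.example".
        host = host.lower().rstrip(".")
        return host == self._domain or host.endswith("." + self._domain)

    def headers_for(self, username, host):
        """Headers the proxy adds to a backend request for this user and host."""
        cookie = self._cookies.get(username)
        if cookie is None or not self.in_domain(host):
            return {}
        return {"Cookie": "SSOSESSION=" + cookie}
```
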
Local Database Support
The security appliance maintains a local database that you can populate with user profiles.
This section contains the following topics:
User Profiles, page 13-10
Fallback Support, page 13-10
