E-15
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix E Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Note
• Use Cisco-AV pair entries with the ip:inacl# prefix to enforce ACLs for remote IPsec and SSL VPN Client (SVC) tunnels.
• Use Cisco-AV pair entries with the webvpn:inacl# prefix to enforce ACLs for WebVPN clientless (browser-mode) tunnels.
Table E-3 lists the tokens for the Cisco-AV-Pair attribute:

Table E-3 Security Appliance-Supported Tokens

Token              Syntax Field      Description
ip:inacl#Num=      N/A (Identifier)  (Where Num is a unique integer.) Starts all AV pair access control lists. Enforces ACLs for remote IPSec and SSL VPN (SVC) tunnels.
webvpn:inacl#Num=  N/A (Identifier)  (Where Num is a unique integer.) Starts all WebVPN AV pair access control lists. Enforces ACLs for WebVPN clientless (browser-mode) tunnels.
deny               Action            Denies action. (Default)
permit             Action            Allows action.
icmp               Protocol          Internet Control Message Protocol (ICMP)
1                  Protocol          Internet Control Message Protocol (ICMP)
IP                 Protocol          Internet Protocol (IP)
0                  Protocol          Internet Protocol (IP)
TCP                Protocol          Transmission Control Protocol (TCP)
6                  Protocol          Transmission Control Protocol (TCP)
UDP                Protocol          User Datagram Protocol (UDP)
17                 Protocol          User Datagram Protocol (UDP)
any                Hostname          Rule applies to any host.
host               Hostname          Any alphanumeric string that denotes a hostname.
log                Log               When the event is hit, a filter log message appears. (Same as permit and log or deny and log.)
lt                 Operator          Less than value
gt                 Operator          Greater than value
eq                 Operator          Equal to value
neq                Operator          Not equal to value
range              Operator          Inclusive range. Must be followed by two values.

Example Security Appliance Authorization Schema

This section provides a sample of an LDAP schema. This schema supports the security appliance class and attributes. It is specific to the Microsoft Active Directory LDAP server. Use it as a model, with Table E-2, to define your own schema for your own LDAP server.
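The following parser and validator is an added example and is not part of the Cisco guide. It reads Cisco-AV-Pair ACL values built from the tokens in Table E-3 (the ip:inacl#/webvpn:inacl# prefixes, permit/deny, the protocol names and numbers, any/host, the port operators, and the trailing log keyword) and rejects malformed entries before they are pushed to an LDAP user object, for instance a range operator with only one value, a port operator on a non-TCP/UDP protocol, or two entries that reuse the same sequence number. The overall entry layout it assumes (action, protocol, source, optional source ports, destination, optional destination ports, optional log, with an address written as any, host <addr> or <addr> <mask>) is the standard extended ACL form and is an assumption of this example, not something stated on this page; the sample attribute values are constructed.

```python
"""
Added example (not from the Cisco guide): parse and validate Cisco-AV-Pair
ACL entries such as

    ip:inacl#1=permit tcp any host 10.1.1.10 eq 443
    webvpn:inacl#5=deny ip any any log

Assumed layout (not stated on the page): <action> <protocol> <src> [<op> <port..>]
<dst> [<op> <port..>] [log], where an address is `any`, `host <addr>` or
`<addr> <mask>`.  Numeric protocol aliases from Table E-3 (0, 1, 6, 17) are
normalised to their names.
"""
import re
from dataclasses import dataclass
from typing import Optional

PREFIX_RE = re.compile(r"^(ip|webvpn):inacl#(\d+)=(.*)$")

ACTIONS = {"permit", "deny"}
PROTOCOLS = {"ip": "ip", "0": "ip", "icmp": "icmp", "1": "icmp",
             "tcp": "tcp", "6": "tcp", "udp": "udp", "17": "udp"}
# Operator -> number of values it must be followed by (range takes two).
PORT_OPS = {"lt": 1, "gt": 1, "eq": 1, "neq": 1, "range": 2}


@dataclass
class Ace:
    scope: str                 # "ip" (IPsec/SVC) or "webvpn" (clientless)
    num: int                   # the unique integer after inacl#
    action: str
    protocol: str
    src: str
    src_ports: Optional[tuple]
    dst: str
    dst_ports: Optional[tuple]
    log: bool


def _parse_endpoint(tokens, i):
    """Consume one address spec starting at tokens[i]; return (text, next_i)."""
    if i >= len(tokens):
        raise ValueError("missing address")
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        if i + 1 >= len(tokens):
            raise ValueError("'host' needs an address")
        return f"host {tokens[i + 1]}", i + 2
    if i + 1 >= len(tokens):
        raise ValueError("address needs a mask")
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def _parse_ports(tokens, i):
    """Consume an optional port operator; enforce the value count per operator."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        n = PORT_OPS[tokens[i]]
        vals = tokens[i + 1:i + 1 + n]
        if len(vals) != n:
            raise ValueError(f"'{tokens[i]}' expects {n} value(s)")
        return (tokens[i], *vals), i + 1 + n
    return None, i


def parse_av_pair(line: str) -> Ace:
    """Parse one ip:inacl#/webvpn:inacl# attribute value into an Ace."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        raise ValueError("not an ip:inacl# / webvpn:inacl# AV pair")
    scope, num, body = m.group(1), int(m.group(2)), m.group(3)
    tokens = body.split()
    if len(tokens) < 2 or tokens[0] not in ACTIONS:
        raise ValueError("entry must begin with permit or deny")
    if tokens[1].lower() not in PROTOCOLS:
        raise ValueError(f"unknown protocol {tokens[1]!r}")
    proto = PROTOCOLS[tokens[1].lower()]
    src, i = _parse_endpoint(tokens, 2)
    src_ports, i = _parse_ports(tokens, i)
    dst, i = _parse_endpoint(tokens, i)
    dst_ports, i = _parse_ports(tokens, i)
    if proto not in ("tcp", "udp") and (src_ports or dst_ports):
        raise ValueError("port operators are only meaningful for tcp/udp")
    log = False
    if i < len(tokens) and tokens[i] == "log":
        log, i = True, i + 1
    if i != len(tokens):
        raise ValueError(f"unexpected trailing tokens: {tokens[i:]}")
    return Ace(scope, num, tokens[0], proto, src, src_ports, dst, dst_ports, log)


def validate_acl(lines):
    """Parse a whole attribute set; reject a reused sequence number per scope."""
    seen = set()
    aces = []
    for line in lines:
        ace = parse_av_pair(line)
        key = (ace.scope, ace.num)
        if key in seen:
            raise ValueError(f"duplicate {ace.scope}:inacl#{ace.num}")
        seen.add(key)
        aces.append(ace)
    # Entries are evaluated in sequence order, so return them sorted by Num.
    return sorted(aces, key=lambda a: (a.scope, a.num))


# Constructed sample attribute values for a hypothetical user object.
SAMPLE = [
    "ip:inacl#2=deny ip any any log",
    "ip:inacl#1=permit tcp any host 10.1.1.10 eq 443",
    "webvpn:inacl#1=permit 6 10.0.0.0 255.255.255.0 any range 8080 8081",
]

if __name__ == "__main__":
    for ace in validate_acl(SAMPLE):
        print(ace)
```

Running the block against the constructed sample returns the three entries sorted by scope and sequence number; feeding it an entry such as `permit tcp any any range 80` raises a ValueError because the range operator is missing its second value.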
