Cisco PIX 500 Series Configuration Manual page 1058

Configuring an External LDAP Server
Table E-2 Security Appliance Supported LDAP Cisco Schema Attributes (continued)
Attribute Name/
OID (Object Identifier)
IPSec-IKE-Peer-ID-Check
IPSec-IP-Compression
IPSec-Mode-Config
IPSec-Over-UDP
IPSec-Over-UDP-Port
IPSec-Required-Client-Firewall-Capability
IPSec-Sec-Association
IPSec-Split-DNS-Names
IPSec-Split-Tunneling-Policy
IPSec-Split-Tunnel-List
IPSec-Tunnel-Type
IPSec-User-Group-Lock
Cisco Security Appliance Command Line Configuration Guide
E-8
Appendix E Configuring an External Server for Authorization and Authentication
VPN Attr.
1
3000 ASA PIX OID
Y Y Y 28
Y Y Y 27
Y Y Y 20
Y Y Y 22
Y Y Y 23
Y Y Y 39
Y 9
Y Y Y 18
Y Y Y 38
Y Y Y 16
Y Y Y 19
Y 21
Single
or
Syntax/ Multi-
Type Valued Possible Values
Integer Single 1 = Required
2 = If supported by peer
certificate
3 = Do not check
Integer Single 0 = Disabled
1 = Enabled
Boolean Single 0 = Disabled
1 = Enabled
Boolean Single 0 = Disabled
1 = Enabled
Integer Single 4001 - 49151; default = 10000
Integer Single 0 = None
1 = Policy defined by remote
FW Are-You-There (AYT)
2 = Policy pushed CPP
4 = Policy from server
String Single Name of the security
association
String Single Specifies the list of secondary
domain names to send to the
client (1 - 255 characters).
Integer Single 0 = Tunnel everything
1 = Split tunneling
2 = Local LAN permitted
String Single Specifies the name of the
network or access list that
describes the split tunnel
inclusion list.
Integer Single 1 = LAN-to-LAN
2 = Remote access
Boolean Single 0 = Disabled
1 = Enabled
OL-12172-03