Cisco PIX 500 Series Configuration Manual page 1084

Configuring an External RADIUS Server
Security Appliance RADIUS Authorization Attributes
Note Authorization refers to the process of enforcing permissions or attributes. A RADIUS server defined as
an authentication server enforces permissions or attributes if they are configured.
Table E-5
authorization.
Table E-6 Security Appliance Supported RADIUS Attributes and Values
Attribute Name
Access-Hours
Simultaneous-Logins
Primary-DNS
Secondary-DNS
Primary-WINS
Secondary-WINS
SEP-Card-Assignment
Tunneling-Protocols
IPSec-Sec-Association
IPSec-Authentication
Banner1
Cisco Security Appliance Command Line Configuration Guide
E-34
lists all the possible security appliance supported RADIUS attributes that can be used for user
VPN
3000 ASA PIX
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y Y
Y
Y
Y Y
Appendix E Configuring an External Server for Authorization and Authentication
Single
or
Attr. Syntax/ Multi-
# Type Valued
Y 1 String Single
Y 2 Integer Single
Y 5 String Single
Y 6 String Single
Y 7 String Single
Y 8 String Single
9 Integer Single
Y 11 Integer Single
12 String Single
13 Integer Single
Y 15 String Single
Description or Value
Name of the time range, for
example, Business-hours
An integer from 0 to
2147483647
An IP address
An IP address
An IP address
An IP address
Not used
1 = PPTP
2 = L2TP
4 = IPSec
8 = L2TP/IPSec
16 = WebVPN
4 and 8 are mutually exclusive;
0-11 and 16-27 are legal values.
Name of the security
association
0 = None
1 = RADIUS
2 = LDAP (authorization only)
3 = NT Domain
4 = SDI
5 = Internal
6 = RADIUS with Expiry
7 = Kerberos/Active Directory
Banner string
OL-12172-03