Enabling Ipv6 Vpn Access - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
Step 10  Optionally, configure the ability to override an account-disabled indicator from a AAA server by entering the override-account-disable command:
hostname(config-tunnel-general)# override-account-disable
hostname(config-tunnel-general)#
Note  Allowing override-account-disable is a potential security risk.
Step 11  Specify the attribute or attributes to use in deriving a name for an authorization query from a certificate. This attribute specifies what part of the subject DN field to use as the username for authorization:
hostname(config-tunnel-general)# authorization-dn-attributes {primary-attribute [secondary-attribute] | use-entire-name}
For example, the following command specifies the use of the CN attribute as the username for authorization:
hostname(config-tunnel-general)# authorization-dn-attributes CN
hostname(config-tunnel-general)#
The authorization-dn-attributes are C (Country), CN (Common Name), DNQ (DN qualifier), EA (E-mail Address), GENQ (Generational qualifier), GN (Given Name), I (Initials), L (Locality), N (Name), O (Organization), OU (Organizational Unit), SER (Serial Number), SN (Surname), SP (State/Province), T (Title), UID (User ID), and UPN (User Principal Name).
Step 12  Specify whether to require a successful authorization before allowing a user to connect. The default is not to require authorization.
hostname(config-tunnel-general)# authorization-required
hostname(config-tunnel-general)#
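The following is an added example, not part of the Cisco guide: a Python check over a saved running configuration that reports, for each connection profile, the settings from Steps 10 through 12. The sample configuration and the names SAMPLE_CONFIG, audit_tunnel_groups and findings are constructed for illustration, and the code assumes subcommands appear indented under their "tunnel-group <name> general-attributes" line, as in show running-config output.

```python
import re

# Constructed sample in the layout of "show running-config" output.
SAMPLE_CONFIG = """\
tunnel-group vendors general-attributes
 authorization-server-group LDAP1
 override-account-disable
 authorization-dn-attributes CN
tunnel-group staff general-attributes
 authorization-server-group LDAP1
 authorization-dn-attributes UPN
 authorization-required
tunnel-group staff ipsec-attributes
 pre-shared-key *
"""

HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")


def audit_tunnel_groups(config_text):
    """Return {profile: settings} for every general-attributes block."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        if not line.startswith(" "):       # any top-level line ends a block
            match = HEADER.match(line)
            current = None
            if match:
                current = profiles.setdefault(match.group(1), {
                    "override_account_disable": False,
                    "authorization_required": False,   # appliance default
                    "authorization_dn_attributes": None,
                })
            continue
        words = line.split()
        if current is None or not words:
            continue                       # subcommand of some other block
        if words[0] == "override-account-disable":
            current["override_account_disable"] = True
        elif words[0] == "authorization-required":
            current["authorization_required"] = True
        elif words[0] == "authorization-dn-attributes":
            current["authorization_dn_attributes"] = words[1:]
    return profiles


def findings(profiles):
    """List (profile, issue) pairs for the Step 10 and Step 12 settings."""
    out = []
    for name, settings in sorted(profiles.items()):
        if settings["override_account_disable"]:
            out.append((name, "override-account-disable is set"))
        if not settings["authorization_required"]:
            out.append((name, "authorization-required is not set"))
    return out
```

The authorization-dn-attributes value is recorded per profile so a reviewer can see which certificate field becomes the authorization username.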

Enabling IPv6 VPN Access

The security appliance allows access to IPv6 resources over a public IPv4 connection (Windows XP SP2,
Windows Vista, Mac OSX, and Linux only). If you want to configure IPv6 access, you must use the
command-line interface to configure IPv6; ASDM does not support IPv6.
You enable IPv6 access using the ipv6 enable command as part of enabling SSL VPN connections. The
following is an example for an IPv6 connection that enables IPv6 on the outside interface:
hostname(config)# interface GigabitEthernet0/0
hostname(config-if)# ipv6 enable
To enable IPv6 SSL VPN, do the following general actions:
1. Enable IPv6 on the outside interface.
2. Enable IPv6 and an IPv6 address on the inside interface.

For LDAP, the method to change a password is proprietary for the different LDAP servers on the market. Currently, the security appliance implements the proprietary password management logic only for Microsoft Active Directory and Sun LDAP servers. Native LDAP requires an SSL connection. You must enable LDAP over SSL before attempting to do password management for LDAP. By default, LDAP uses port 636.

OL-12172-03
Cisco Security Appliance Command Line Configuration Guide
Configuring Connection Profiles
30-11


This manual is also suitable for:

Asa 5500 series
