Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Configuring Connection Profiles (ASA, PIX 7.0+)
Add/Edit Interface Specific Authentication Server Groups Dialog Box
Use the Add/Edit Interface Specific Authentication Server Groups dialog boxes to configure
interface-specific authentication for your connection profile policy. This setting overrides the global
authentication server group settings if the client connects to the specified interface.
If you are configuring the secondary AAA server for an SSL VPN on an ASA device, the settings are
specifically used for the secondary set of credentials that the user enters; this is reflected in the name of
the dialog box.
Table 30-4 Connection Profile AAA Tab (Continued)

Element: Enable Notification Upon Password Expiration to Allow User to Change Password / Enable Notification Prior to Expiration / Notify Prior to Expiration

Description: Whether to have the security appliance notify the remote user at login that the current password is about to expire or has expired, and to then offer the user the opportunity to change the password.

If you want to give the user prior warning of an impending password expiration, select Enable Notification Prior to Expiration and specify the number of days prior to expiration that you want to start notifications (1 to 180 days). You can use this option with AAA servers that support such notification—RADIUS, RADIUS with an NT server, and LDAP servers. There is no prior notification for other types of servers.

Element: Distinguished Name (DN) Authorization Settings

Description: How you want to use the distinguished name for authorization. A distinguished name (DN) is a unique identification, made up of individual fields, that can be used as the identifier when matching users to a tunnel group. DN rules are used for enhanced certificate authentication. Select from the following options to determine how the DN is used during authorization:

- Use Entire DN as the Username—Use the entire DN; do not focus on any one field.
- Specify Individual DN fields as the Username—Focus on specific fields. Select a primary field, and optionally, a secondary field. The default is to use the common name (CN) as primary and the organization unit (OU) as secondary.

Element: Interface-Specific Authentication Server Groups table

Description: If you want to configure separate authentication server groups for specific interfaces, so that clients connecting through that interface use a server group different from the global group, add the interface to this table and configure the separate group. Any interface not listed here uses the global authentication server group. The table shows the server group and whether you are falling back to local authentication if the server group is not available.

- To add an interface-specific authentication group to the list, click the Add Row button and fill in the Add/Edit Interface Specific Authentication Server Groups Dialog Box, page 30-13.
- To edit an interface setting, select it and click the Edit Row button.
- To delete an interface setting, select it and click the Delete Row button.
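
For reviewing what these AAA tab settings look like on the device itself, the following is an added illustration of the corresponding ASA CLI under a connection profile (tunnel group); it is not taken from the Cisco guide. The profile name, server group names and interface name are constructed placeholders, the mapping from each GUI field to a command is an assumption, and the DN line assumes a software release that uses `username-from-certificate` (older releases used `authorization-dn-attributes`).

```text
! Constructed example: RA-PROFILE, RADIUS-GRP, LDAP-GRP and "outside" are
! placeholder names. Both server groups are assumed to be defined already
! with aaa-server commands.
tunnel-group RA-PROFILE type remote-access
tunnel-group RA-PROFILE general-attributes
 ! Global authentication server group: applies to every interface that
 ! has no interface-specific entry.
 authentication-server-group RADIUS-GRP
 ! Interface-specific entry: clients connecting through "outside" use
 ! LDAP-GRP instead of the global group. The trailing LOCAL keyword is
 ! the fallback to local authentication when the group is unavailable.
 authentication-server-group (outside) LDAP-GRP LOCAL
 ! Password expiration notification, starting 14 days before expiry
 ! (14 is a constructed value).
 password-management password-expire-in-days 14
 ! DN authorization using individual fields: CN primary, OU secondary,
 ! which is the default the table describes.
 username-from-certificate CN OU
 ! Alternative to the line above: use the entire DN as the username.
 ! username-from-certificate use-entire-name
```

When auditing a deployed profile, `show running-config tunnel-group` lists these lines, so an interface that silently falls back to LOCAL or inherits the global group is visible in one place.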