Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Configuring Connection Profiles (ASA, PIX 7.0+)
Field Reference
Table 30-6 Connection Profile Secondary AAA Tab

Element: Enable Double Authentication
Description: Whether to enable double authentication, which prompts the user for two sets of credentials (username and password) before completing the remote access VPN connection.

Element: Secondary Authentication Server Group
Description: The name of the authentication server group (LOCAL if the tunnel group is configured on the local device) to be used with the second set of credentials. Enter the name of a AAA server group object or click Select to select it from a list or to create a new object.
If you want to use different authentication server groups based on the interface to which the client connects, configure the server groups in the Secondary Interface-Specific Authentication Server Groups table at the bottom of this tab (described below).

Element: Use LOCAL if Server Group Fails
Description: Whether to fall back to the local database for authentication if the selected authentication server group fails.

Element: Use Primary Username for Secondary Authentication
Description: Whether to use the same username for the secondary credentials that was used for the primary credentials. If you select this option, after users authenticate with their primary credentials, they are prompted for the secondary password only. If you do not select this option, the secondary prompt requires both a username and password.

Element: Username for Session
Description: The username that the software will use for the user session, either the primary or secondary name. If you prompt for the primary name only, select primary.
Note: By default, if there is more than one username, AnyConnect remembers both usernames between sessions. In addition, the head-end device might offer a feature to allow for administrative control over whether the client remembers both or neither usernames.

Element: Authorization Authentication Server
Description: The server to use for authorization, either the primary authentication server (defined on the AAA tab) or the secondary authentication server configured on this tab.

Element: Distinguished Name (DN) Secondary Authorization Setting
Description: How you want to use the distinguished name for authorization. A distinguished name (DN) is a unique identification, made up of individual fields, that can be used as the identifier when matching users to a tunnel group. DN rules are used for enhanced certificate authentication. Select from the following options to determine how the DN is used during authorization:
- Use Entire DN as the Username—Use the entire DN; do not focus on any one field.
- Specify Individual DN fields as the Username—Focus on specific fields. Select a primary field, and optionally, a secondary field. The default is to use only the user identification (UID) field.
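
The following Python check is an added example, not part of the Cisco guide: it reads an ASA configuration excerpt and reports, per tunnel group, the settings this tab controls, so a reviewer can see which connection profiles have no second factor or fall back to LOCAL. The ASA commands it looks for (`secondary-authentication-server-group`, its `use-primary-username` keyword, and `authenticated-session-username`) are taken from the ASA CLI rather than from this page, and the sample configuration with its group, server and interface names is constructed.

```python
import re

# Constructed sample; group, server-group and interface names are hypothetical.
SAMPLE_CONFIG = """\
tunnel-group RA-STAFF general-attributes
 authentication-server-group RADIUS-PRIMARY
 secondary-authentication-server-group OTP-SERVERS LOCAL use-primary-username
 authenticated-session-username primary
tunnel-group RA-VENDOR general-attributes
 authentication-server-group RADIUS-PRIMARY
tunnel-group RA-ADMIN general-attributes
 secondary-authentication-server-group outside OTP-SERVERS
 authenticated-session-username secondary
"""

HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")

def parse_secondary(args, interfaces=()):
    """Split '[interface] group [LOCAL] [use-primary-username]' into fields."""
    use_primary = args[-1:] == ["use-primary-username"]
    if use_primary:
        args = args[:-1]
    iface = None
    # 'X LOCAL' is ambiguous, so an interface is assumed only when three
    # tokens remain or the caller lists X as an interface name.
    if len(args) == 3 or (len(args) == 2 and args[0] in interfaces):
        iface, args = args[0], args[1:]
    group = args[0] if args else "none"
    return iface, group, args[1:] == ["LOCAL"], use_primary

def audit_secondary_aaa(config, interfaces=()):
    """Return {tunnel_group: settings} for every general-attributes block."""
    groups, current = {}, None
    for line in config.splitlines():
        header = HEADER.match(line)
        if header:
            current = groups.setdefault(header.group(1), {
                "double_auth": False, "servers": {}, "local_fallback": False,
                "use_primary_username": False, "session_username": None})
        elif not line.startswith(" "):
            current = None                      # another top-level command
        elif current is not None and line.split():
            cmd, *args = line.split()
            if cmd == "secondary-authentication-server-group" and args:
                iface, group, fallback, primary = parse_secondary(args, interfaces)
                current["servers"][iface or "default"] = group
                current["double_auth"] |= group != "none"
                current["local_fallback"] |= fallback
                current["use_primary_username"] |= primary
            elif cmd == "authenticated-session-username" and args:
                current["session_username"] = args[0]
    return groups
```

Pass the device's interface names (for example `interfaces={"outside"}`) so that interface-specific server groups are attributed correctly; a `session_username` of `None` means the command was not present in the block.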