| Attribute Name | ASA | Attr. No. | Syntax/Type | Single or Multi-Valued | Description or Value |
|---|---|---|---|---|---|
| Access-Hours | Y | 1 | String | Single | Name of the time range, for example, Business-hours |
| Access-List-Inbound | Y | 86 | String | Single | ACL ID |
| Access-List-Outbound | Y | 87 | String | Single | ACL ID |
| Address-Pools | Y | 217 | String | Single | Name of IP local pool |
| Allow-Network-Extension-Mode | Y | 64 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Authenticated-User-Idle-Timeout | Y | 50 | Integer | Single | 1-35791394 minutes |
| Authorization-DN-Field | Y | 67 | String | Single | Possible values: UID, OU, O, CN, L, SP, C, EA, T, N, GN, SN, I, GENQ, DNQ, SER, use-entire-name |
| Authorization-Required | | 66 | Integer | Single | 0 = No; 1 = Yes |
| Authorization-Type | Y | 65 | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP |
| Banner1 | Y | 15 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, AnyConnect SSL-TLS/DTLS/IKEv2, and Clientless SSL |
| Banner2 | Y | 36 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, AnyConnect SSL-TLS/DTLS/IKEv2, and Clientless SSL. The Banner2 string is concatenated to the Banner1 string, if configured. |
| Cisco-IP-Phone-Bypass | Y | 51 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Cisco-LEAP-Bypass | Y | 75 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Client Type | Y | 150 | Integer | Single | 1 = Cisco VPN Client (IKEv1); 2 = AnyConnect Client SSL VPN; 3 = Clientless SSL VPN; 4 = Cut-Through-Proxy; 5 = L2TP/IPsec SSL VPN; 6 = AnyConnect Client IPsec VPN (IKEv2) |
| Client-Type-Version-Limiting | Y | 77 | String | Single | IPsec VPN version number string |
| DHCP-Network-Scope | Y | 61 | String | Single | IP Address |
| Extended-Authentication-On-Rekey | Y | 122 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Group-Policy | Y | 25 | String | Single | Sets the group policy for the remote access VPN session. For Versions 8.2.x and later, use this attribute instead of IETF-Radius-Class. You can use one of the following formats: `group policy name`, `OU=group policy name`, or `OU=group policy name;` |
| IE-Proxy-Bypass-Local | | 83 | Integer | Single | 0 = None; 1 = Local |
| IE-Proxy-Exception-List | | 82 | String | Single | New line (\n) separated list of DNS domains |
| IE-Proxy-PAC-URL | Y | 133 | String | Single | PAC address string |
| IE-Proxy-Server | | 80 | String | Single | IP address |
| IE-Proxy-Server-Policy | | 81 | Integer | Single | 1 = No Modify; 2 = No Proxy; 3 = Auto detect; 4 = Use Concentrator Setting |
| IKE-KeepAlive-Confidence-Interval | Y | 68 | Integer | Single | 10-300 seconds |
| IKE-Keepalive-Retry-Interval | Y | 84 | Integer | Single | 2-10 seconds |
| IKE-Keep-Alives | Y | 41 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Intercept-DHCP-Configure-Msg | Y | 62 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Allow-Passwd-Store | Y | 16 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Authentication | | 13 | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP (authorization only); 3 = NT Domain; 4 = SDI; 5 = Internal; 6 = RADIUS with Expiry; 7 = Kerberos/Active Directory |
| IPsec-Auth-On-Rekey | Y | 42 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Backup-Server-List | Y | 60 | String | Single | Server Addresses (space delimited) |
| IPsec-Backup-Servers | Y | 59 | String | Single | 1 = Use Client-Configured list; 2 = Disable and clear client list; 3 = Use Backup Server list |
| IPsec-Client-Firewall-Filter-Name | | 57 | String | Single | Specifies the name of the filter to be pushed to the client as firewall policy |
| IPsec-Client-Firewall-Filter-Optional | Y | 58 | Integer | Single | 0 = Required; 1 = Optional |
| IPsec-Default-Domain | Y | 28 | String | Single | Specifies the single default domain name to send to the client (1-255 characters). |
| IPsec-IKE-Peer-ID-Check | Y | 40 | Integer | Single | 1 = Required; 2 = If supported by peer certificate; 3 = Do not check |
| IPsec-IP-Compression | Y | 39 | Integer | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Mode-Config | Y | 31 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Over-UDP | Y | 34 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Over-UDP-Port | Y | 35 | Integer | Single | 4001-49151. The default is 10000. |
| IPsec-Required-Client-Firewall-Capability | Y | 56 | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server |
| IPsec-Sec-Association | | 12 | String | Single | Name of the security association |
| IPsec-Split-DNS-Names | Y | 29 | String | Single | Specifies the list of secondary domain names to send to the client (1-255 characters). |
| IPsec-Split-Tunneling-Policy | Y | 55 | Integer | Single | 0 = No split tunneling; 1 = Split tunneling; 2 = Local LAN permitted |
| IPsec-Split-Tunnel-List | Y | 27 | String | Single | Specifies the name of the network or ACL that describes the split tunnel inclusion list. |
| IPsec-Tunnel-Type | Y | 30 | Integer | Single | 1 = LAN-to-LAN; 2 = Remote access |
| IPsec-User-Group-Lock | | 33 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPv6-Address-Pools | Y | 218 | String | Single | Name of IP local pool-IPv6 |
| IPv6-VPN-Filter | Y | 219 | String | Single | ACL value |
| L2TP-Encryption | | 21 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Req; 15 = 40/128-Encr/Stateless-Req |
| L2TP-MPPC-Compression | | 38 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Member-Of | Y | 145 | String | Single | Comma-delimited string, for example: An administrative attribute that can be used in dynamic access policies. It does not set a group policy. |
| MS-Client-Subnet-Mask | Y | 63 | Boolean | Single | An IP address |
| NAC-Default-ACL | | 92 | String | | ACL |
| NAC-Enable | | 89 | Integer | Single | 0 = No; 1 = Yes |
| NAC-Revalidation-Timer | | 91 | Integer | Single | 300-86400 seconds |
| NAC-Settings | Y | 141 | String | Single | Name of the NAC policy |
| NAC-Status-Query-Timer | | 90 | Integer | Single | 30-1800 seconds |
| Perfect-Forward-Secrecy-Enable | Y | 88 | Boolean | Single | 0 = No; 1 = Yes |
| PPTP-Encryption | | 20 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Required; 15 = 40/128-Encr/Stateless-Req |
| PPTP-MPPC-Compression | | 37 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Primary-DNS | Y | 5 | String | Single | An IP address |
| Primary-WINS | Y | 7 | String | Single | An IP address |
| Privilege-Level | Y | 220 | Integer | Single | An integer between 0 and 15. |
| Required-Client-Firewall-Vendor-Code | Y | 45 | Integer | Single | 1 = Cisco Systems (with Cisco Integrated Client); 2 = Zone Labs; 3 = NetworkICE; 4 = Sygate; 5 = Cisco Systems (with Cisco Intrusion Prevention Security Agent) |
| Required-Client-Firewall-Description | Y | 47 | String | Single | String |
| Required-Client-Firewall-Product-Code | Y | 46 | Integer | Single | Cisco Systems Products: 1 = Cisco Intrusion Prevention Security Agent or Cisco Integrated Client (CIC). Zone Labs Products: 1 = Zone Alarm; 2 = Zone AlarmPro; 3 = Zone Labs Integrity. NetworkICE Product: 1 = BlackIce Defender/Agent. Sygate Products: 1 = Personal Firewall; 2 = Personal Firewall Pro; 3 = Security Agent |
| Required-Individual-User-Auth | Y | 49 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Require-HW-Client-Auth | Y | 48 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Secondary-DNS | Y | 6 | String | Single | An IP address |
| Secondary-WINS | Y | 8 | String | Single | An IP address |
| SEP-Card-Assignment | | 9 | Integer | Single | Not used |
| Session Subtype | Y | 152 | Integer | Single | 0 = None; 1 = Clientless; 2 = Client; 3 = Client Only. Session Subtype applies only when the Session Type (151) attribute has the following values: 1, 2, 3, and 4. |
| Session Type | Y | 151 | Integer | Single | 0 = None; 1 = AnyConnect Client SSL VPN; 2 = AnyConnect Client IPSec VPN (IKEv2); 3 = Clientless SSL VPN; 4 = Clientless Email Proxy; 5 = Cisco VPN Client (IKEv1); 6 = IKEv1 LAN-LAN; 7 = IKEv2 LAN-LAN; 8 = VPN Load Balancing |
| Simultaneous-Logins | Y | 2 | Integer | Single | 0-2147483647 |
| Smart-Tunnel | Y | 136 | String | Single | Name of a Smart Tunnel |
| Smart-Tunnel-Auto | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = AutoStart |
| Smart-Tunnel-Auto-Signon-Enable | Y | 139 | String | Single | Name of a Smart Tunnel Auto Signon list appended by the domain name |
| Strip-Realm | Y | 135 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| SVC-Ask | Y | 131 | String | Single | 0 = Disabled; 1 = Enabled; 3 = Enable default service; 5 = Enable default clientless (2 and 4 not used) |
| SVC-Ask-Timeout | Y | 132 | Integer | Single | 5-120 seconds |
| SVC-DPD-Interval-Client | Y | 108 | Integer | Single | 0 = Off; 5-3600 seconds |
| SVC-DPD-Interval-Gateway | Y | 109 | Integer | Single | 0 = Off; 5-3600 seconds |
| SVC-DTLS | Y | 123 | Integer | Single | 0 = False; 1 = True |
| SVC-Keepalive | Y | 107 | Integer | Single | 0 = Off; 15-600 seconds |
| SVC-Modules | Y | 127 | String | Single | String (name of a module) |
| SVC-MTU | Y | 125 | Integer | Single | MTU value 256-1406 in bytes |
| SVC-Profiles | Y | 128 | String | Single | String (name of a profile) |
| SVC-Rekey-Time | Y | 110 | Integer | Single | 0 = Disabled; 1-10080 minutes |
| Tunnel Group Name | Y | 146 | String | Single | 1-253 characters |
| Tunnel-Group-Lock | Y | 85 | String | Single | Name of the tunnel group or “none” |
| Tunneling-Protocols | Y | 11 | Integer | Single | 1 = PPTP; 2 = L2TP; 4 = IPSec (IKEv1); 8 = L2TP/IPSec; 16 = WebVPN; 32 = SVC; 64 = IPsec (IKEv2). 8 and 4 are mutually exclusive. 0 - 11, 16 - 27, 32 - 43, 48 - 59 are legal values. |
| Use-Client-Address | | 17 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| VLAN | Y | 140 | Integer | Single | 0-4094 |
| WebVPN-Access-List | Y | 73 | String | Single | Access-List name |
| WebVPN ACL | Y | 73 | String | Single | Name of a WebVPN ACL on the device |
| WebVPN-ActiveX-Relay | Y | 137 | Integer | Single | 0 = Disabled; Otherwise = Enabled |
| WebVPN-Apply-ACL | Y | 102 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Auto-HTTP-Signon | Y | 124 | String | Single | Reserved |
| WebVPN-Citrix-Metaframe-Enable | Y | 101 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Content-Filter-Parameters | Y | 69 | Integer | Single | 1 = Java ActiveX; 2 = Java Script; 4 = Image; 8 = Cookies in images |
| WebVPN-Customization | Y | 113 | String | Single | Name of the customization |
| WebVPN-Default-Homepage | Y | 76 | String | Single | A URL such as http://example-example.com |
| WebVPN-Deny-Message | Y | 116 | String | Single | Valid string (up to 500 characters) |
| WebVPN-Download_Max-Size | Y | 157 | Integer | Single | 0x7fffffff |
| WebVPN-File-Access-Enable | Y | 94 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-File-Server-Browsing-Enable | Y | 96 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-File-Server-Entry-Enable | Y | 95 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List | Y | 78 | String | Single | Comma-separated DNS/IP with an optional wildcard (*) (for example *.cisco.com, 192.168.1.*, wwwin.cisco.com) |
| WebVPN-Hidden-Shares | Y | 126 | Integer | Single | 0 = None; 1 = Visible |
| WebVPN-Home-Page-Use-Smart-Tunnel | Y | 228 | Boolean | Single | Enabled if clientless home page is to be rendered through Smart Tunnel. |
| WebVPN-HTML-Filter | Y | 69 | Bitmap | Single | 1 = Java ActiveX; 2 = Scripts; 4 = Image; 8 = Cookies |
| WebVPN-HTTP-Compression | Y | 120 | Integer | Single | 0 = Off; 1 = Deflate Compression |
| WebVPN-HTTP-Proxy-IP-Address | Y | 74 | String | Single | Comma-separated DNS/IP:port, with http= or https= prefix (for example http=10.10.10.10:80, https=11.11.11.11:443) |
| WebVPN-Idle-Timeout-Alert-Interval | Y | 148 | Integer | Single | 0-30. 0 = Disabled. |
| WebVPN-Keepalive-Ignore | Y | 121 | Integer | Single | 0-900 |
| WebVPN-Macro-Substitution | Y | 223 | String | Single | Unbounded. For examples, see the SSL VPN Deployment Guide at the following URL: http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html |
| WebVPN-Macro-Substitution | Y | 224 | String | Single | Unbounded. For examples, see the SSL VPN Deployment Guide at the following URL: http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html |
| WebVPN-Port-Forwarding-Enable | Y | 97 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-Exchange-Proxy-Enable | Y | 98 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-HTTP-Proxy | Y | 99 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-List | Y | 72 | String | Single | Port forwarding list name |
| WebVPN-Port-Forwarding-Name | Y | 79 | String | Single | String name (example, “Corporate-Apps”). This text replaces the default string, “Application Access,” on the clientless portal home page. |
| WebVPN-Post-Max-Size | Y | 159 | Integer | Single | 0x7fffffff |
| WebVPN-Session-Timeout-Alert-Interval | Y | 149 | Integer | Single | 0-30. 0 = Disabled. |
| WebVPN Smart-Card-Removal-Disconnect | Y | 225 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Smart-Tunnel | Y | 136 | String | Single | Name of a Smart Tunnel |
| WebVPN-Smart-Tunnel-Auto-Sign-On | Y | 139 | String | Single | Name of a Smart Tunnel auto sign-on list appended by the domain name |
| WebVPN-Smart-Tunnel-Auto-Start | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = Auto Start |
| WebVPN-Smart-Tunnel-Tunnel-Policy | Y | 227 | String | Single | One of “e networkname,” “i networkname,” or “a,” where networkname is the name of a Smart Tunnel network list, e indicates the tunnel excluded, i indicates the tunnel specified, and a indicates all tunnels. |
| WebVPN-SSL-VPN-Client-Enable | Y | 103 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSL-VPN-Client-Keep-Installation | Y | 105 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSL-VPN-Client-Required | Y | 104 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSO-Server-Name | Y | 114 | String | Single | Valid string |
| WebVPN-Storage-Key | Y | 162 | String | Single | |
| WebVPN-Storage-Objects | Y | 161 | String | Single | |
| WebVPN-SVC-Keepalive-Frequency | Y | 107 | Integer | Single | 15-600 seconds, 0=Off |
| WebVPN-SVC-Client-DPD-Frequency | Y | 108 | Integer | Single | 5-3600 seconds, 0=Off |
| WebVPN-SVC-DTLS-Enable | Y | 123 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SVC-DTLS-MTU | Y | 125 | Integer | Single | MTU value is from 256-1406 bytes. |
| WebVPN-SVC-Gateway-DPD-Frequency | Y | 109 | Integer | Single | 5-3600 seconds, 0=Off |
| WebVPN-SVC-Rekey-Time | Y | 110 | Integer | Single | 4-10080 minutes, 0=Off |
| WebVPN-SVC-Rekey-Method | Y | 111 | Integer | Single | 0 (Off), 1 (SSL), 2 (New Tunnel) |
| WebVPN-SVC-Compression | Y | 112 | Integer | Single | 0 (Off), 1 (Deflate Compression) |
| WebVPN-UNIX-Group-ID (GID) | Y | 222 | Integer | Single | Valid UNIX group IDs |
| WebVPN-UNIX-User-ID (UIDs) | Y | 221 | Integer | Single | Valid UNIX user IDs |
| WebVPN-Upload-Max-Size | Y | 158 | Integer | Single | 0x7fffffff |
| WebVPN-URL-Entry-Enable | Y | 93 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-URL-List | Y | 71 | String | Single | URL list name |
| WebVPN-User-Storage | Y | 160 | String | Single | |
| WebVPN-VDI | Y | 163 | String | Single | List of settings |