Assign an Authentication Server
To assign a preconfigured authentication server group to a proxy e-mail service, use the
following command:
Command Description
default-group-policy Assigns a name of the group-policy to use when AAA does not
return a CLASSID attribute. If this is not assigned, and no
CLASSID has been used with the AAA, the session will be
rejected.
port Assigns the port that the proxy listens to. This defaults to 995.
server address Assigns the default mail server to be used when the user
connects to the mail proxy service and does not specify a mail
server.
outstanding number Sets the number of outstanding, nonauthenticated sessions
that are allowed. If the number of connections exceeds this
setting, the oldest connection is terminated to help reduce
DOS attacks. The default setting is 20; the range is from 1 to
100.
name-separator symbol This is the separator between the e-mail and VPN usernames
and passwords. Choices are “@”, “|”, “:”, “#”, “,” and “;”.
The default is “:”.
server-separator symbol This is the separator between the e-mail and server names.
Choices are “@”, “|”, “:”, “#”, “,” and “;”. The default is “:”.
Table 13-14 Proxy Subcommands (Continued)
Configuring the Security Appliance as a WebVPN Gateway 371
authentication-server-group group tag
The ASA defaults to not having an authentication-group assigned to the proxy e-mail service.
You must set an authentication type for a proxy e-mail service. The ASA 55X0 supports four
authentication types (see Table 13-15). The default type used is AAA. Use the authentication
command to assign the authentication type to the proxy e-mail service:
authentication {AAA | certificate | mailhost | piggyback}