I am trying to configure an ASA (ver 7.2) for VPN remote access using RSA SecurID for authentication.
My goal is to duplicate a setup that has been in place for years in our Nortel Contivity VPN concentrators. How the access works now:
1) Users open VPN connections to Contivity.
2) Authentication requests are passed to RSA SecureID ACE servers configured to use RADIUS protocol. Each user name is assigned in the RSA server to a user group.
3) The RSA server accepts the user, and returns the corresponding user group ID.
4) User groups are also defined in Contivity, and each group has a filter. The access for each user is restricted based on the user group returned by the RSA server.
Can I achieve the same result using Cisco ASA appliances? I cannot find documentation on how users can be assigned dynamically to a tunnel group based on attributes returned by the RSA RADIUS server.