We currently use a CiscoSecure server to authenticate our remote users against an RSA database.
We have set up different .PCF files corresponding to the VPN groups on our firewall. So, a particular profile is only allowed access to certain parts of the network. Then we give the PCF file to the relevant user(s).
This all works fine. However, there is nothing to stop a user obtaining and using a PCF file (e.g. from a colleague) with access to more areas of the network than we want to allow them to, i.e. the PCF files are not tied down to specific users.
Is there any way this can be achieved with our existing set-up? Can we specify that specific users from our Cisco Secure/RSA database are tied down to particular VPN profiles on our firewall?
Any suggestions on the best way of achieving this would be welcome.