I'm configuring VPN access on an ASA running 7.2.2(19) using RSA SecurID as the authentication source. I need RSA SecurID to return the Active Directory group attribute so we can map the user role in an in-line NAC appliance deployment. Is this possible? If so, how?