Mapping Cisco VPN groups in Safeword PA

Unanswered Question
Sep 4th, 2007
User Badges:

We have Secure Computing Premier Access Safeword to authenticate VPN users.

The setup goes this way, in Cisco VPN Concentrator 3000 we have defined

groups to filter users access. For instance, every

organization unit has a unique group which is eligible to access a certain

portion in our network. On the other side, we have Safeword as our personal

authentication mean. Of course, users are defined here in Safeword not in

Cisco VPN Concentrator 3000.

The issue is: Cisco VPN Concentrator 3000 groups are not mapped in

Safeword. Thus, security rules, i.e. Cisco VPN Concentrator 3000 groups

access rights could be broken.

Our objective is to find a way to lock users into their groups, i.e.

integrate Cisco VPN Concentrator 3000 groups into Safeword or any other

acceptable sort of groups mapping where bypassing access is not possible.

We succeeded to do both authentication steps: groups and users in Safeword by recreating according VPN groups in Safeword. However, this had killed the chance to filter users access in Cisco VPN since the groups are specified now as externally configured where all access filteration controls are not usable where Cisco VPN 3000 assumes the external server will take care of this.

How to do the groups mapping with effective access filteration?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion