Can someone point me to a paper that will describe how (if possible), that a client logging into a Cisco VPN Concentrator can be given a specific static IP, based on information in a RADIUS profile? (RADIUS is running on an RSA SecureID server, so people authenticating via RADIUS are 2X-factor authenticated.
Requirement: I need a specific IP address to go to a specific user each time they log in. This way, I can authorize them to certain resources by passing them thru a Firewall on the Private side of the concentrator. For now, I have 70 users, but may balloon to 2,000.
I can't rely on the "group password" feature, because if users share group passwords, then they can assign themselves an IP from a pool where they don't belong.
Summary: I need two-factor authentication of an IP address - You must provide 2X-factor authentication to get a certain IP address...