I'm currently using a PIX515E to terminate Cisco VPN client tunnels. I would like to assign users to different VPN groups on the firewall based on what group they are members of on our RSA/ACE server.
The only way I see to designate group membership is within the pcf file on the clients machine. I don't want to rely on the security of our pcf files for group membership.
Is it possible to use RSA ACE groups to dictate what VPN group users are assigned to? If not on the PIX515E can another Cisco product do this? And are there instructions somewhere for getting this solution to work.