Locking users into a Group using an RSA Auth-Server

Unanswered Question
Apr 2nd, 2008


One of our customers so far operates a Cisco VPN-Concentrator 3000 together with an RSA Authentication Manager in order to authenticate the VPN users.

Upon a VPN or RAS user authentication request from the VPN-Conc, the request is forwarded to the RSA Auth-Server, which, speaking the Radius protocol, returns a specific group to the VPN-Conc.

Depending on the user/group assignment in the RSA Auth-Server, a specific group name will be returned to the VPN-Conc, which will then assign the user a group-specific IP address. The VPN-user to HQ-LAN connections are then controlled on a dedicated firewall.

Because the customer wanted to consolidate the RAS and VPN users on a new Cisco Router, this functionality is actually now required by the newly placed router as well.

So far I did not find any documentation or configuration paper addressing this problem.

Is it possible at all to assign a user a specific IP address based on a group returned from the RSA Auth-Server, as can be done with a VPN-Conc 3000?


roland.sonder Tue, 04/15/2008 - 09:51

The document you are referring to does not describe the issue I am looking for. It rather deals with signatures.

What I really need to know is how the router needs to be configured in order to be able to react to the vendor-specific attributes it receives from the Radius server from RSA.
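The following is an added example, not part of either post and not Cisco or RSA code: it decodes a RADIUS Access-Accept (RFC 2865 layout), pulls a group name out of a vendor-specific attribute, and maps it to an address pool, returning nothing when the group is missing or unknown. The vendor ID, sub-attribute type, group names and pools are constructed placeholders; which attribute a given RSA server actually returns is not stated in the thread.

```python
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26      # RFC 2865 packet code / attribute type
SAMPLE_VENDOR, SAMPLE_TYPE = 99999, 1       # constructed placeholders, not a real vendor
GROUP_POOLS = {"engineering": "10.10.1.0/24", "contractors": "10.10.2.0/24"}  # hypothetical

def tlvs(buf, what):
    """Split buf into (type, value) pairs, rejecting any inconsistent length byte."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed " + what)
        out.append((buf[pos], buf[pos + 2:pos + buf[pos + 1]]))
        pos += buf[pos + 1]
    return out

def parse_reply(packet):
    """Return (code, attributes) after checking the header length field."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet size")
    return code, tlvs(packet[20:length], "attribute")

def group_from_reply(packet, vendor=SAMPLE_VENDOR, vtype=SAMPLE_TYPE):
    """Group name carried in the chosen vendor sub-attribute, or None."""
    code, attrs = parse_reply(packet)
    if code != ACCESS_ACCEPT:
        return None
    for a_type, value in attrs:
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != vendor:
            continue
        for sub_type, sub_value in tlvs(value[4:], "vendor sub-attribute"):
            if sub_type == vtype:
                return sub_value.decode("ascii", "replace")
    return None

def pool_for_reply(packet):
    """Fail closed: a missing or unknown group yields no pool instead of a default."""
    group = group_from_reply(packet)
    return GROUP_POOLS.get(group.lower()) if group else None

def build_sample(group):
    """Constructed Access-Accept; the zeroed authenticator is not verified here."""
    vsa = struct.pack("!I", SAMPLE_VENDOR) + bytes([SAMPLE_TYPE, 2 + len(group)]) + group
    attr = bytes([VENDOR_SPECIFIC, 2 + len(vsa)]) + vsa
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attr)) + bytes(16) + attr
```

A real RADIUS client must also verify the Response Authenticator against the shared secret before trusting any attribute in the reply; that step is left out here.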


