Locking users into Group using an RSA Auth-Server

roland.sonder
Level 1

Hello,

One of our customers so far operates a Cisco VPN-Concentrator 3000 together with an RSA Authentication Manager in order to authenticate the VPN users.

Upon a VPN or RAS user authentication request from the VPN-Conc, the request is forwarded to the RSA Auth-Server, which speaks the RADIUS protocol and returns a specific group to the VPN-Conc.

Depending on the user/group assignment in the RSA Auth-Server, a specific group name will be returned to the VPN-Conc, which will then assign the user a group-specific IP address. The VPN-user to HQ-LAN connections are then controlled on a dedicated firewall.

Because the customer wanted to consolidate the RAS and VPN users on a new Cisco Router, this functionality is actually now required by the newly placed router as well.

So far I did not find any documentation or configuration paper addressing this problem.

Is it possible at all to assign a user a specific IP address based on a group returned from the RSA Auth-Server, as can be done with a VPN-Conc 3000?

Roland

2 Replies

irisrios
Level 6

The RSA feature is supported on routers with Easy VPN technology. Refer to the following URL for more information: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtevcrsa.html#wp1053759

The document you are referring to does not describe the issue I am looking for. It rather deals with signatures.

What I really need to know is how the router needs to be configured in order to be able to react to the vendor-specific attributes it receives from the RADIUS server from RSA.

Roland
