I have an ASA 5510 configured to accept IPsec VPN tunnels with RSA SecurID authentication. This is using the SDI protocol. My challenge is to have multiple groups in the ASA and have the RSA grant or deny access based on user and group ID. Currently the RSA will grant any valid authentication requests from my ASA 5510. I believe this can be done using RADIUS and the class attribute. Is this possible through the SDI protocol?
For example, say I have two ASA tunnel groups: Sales and Marketing. I don't want Marketing users to be able to authenticate through the Sales group if they stumbled upon the preshared key.
Any guidance would be appreciated.