ASA/ACS/AD - SafeWord authentication and AD Group mappings
Hi. I'm doing a theoretical pre-study about ASA/ACS/AD integration.
From what I can find in the documentation of Cisco ACS, it is possible to map Active Directory user groups to ACS groups and thereby give users different authority in the network (correct?).
The thing is that we have to use SafeWord PremierAccess for token authentication, and I can't figure out from the documentation if it is possible to authenticate with SafeWord and then do the authorization from Active Directory user groups.
Today things look like this:
Users who access the network remotely through a VPN connection are today authenticated by a SafeWord PremierAccess server, which asks the RADIUS database for user credentials. These are then returned to the ASA 55XX, which lets the user access the network.
What I want to accomplish is this:
Users who access the network remotely through a VPN connection should be authenticated by a SafeWord PremierAccess server (in the same way as before), but authorization should be taken from an Active Directory where the user is assigned to ordinary user groups. These user groups should have a corresponding ACS group assigned to them with access restrictions.
For example, a user has a group membership in the AD called CrappyCorp, and this group has a corresponding ACS group that restricts the user's access to only CrappyCorp's VLAN.
Is it possible to configure ACS to use the SafeWord PremierAccess server as an authentication database and then use Active Directory for group mappings?
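As an added illustration of the split the post asks for (not part of the original post, and not an ACS configuration): an ASA can itself use one AAA server group for authentication and another for authorization, mapping the user's AD memberOf value to a group-policy that confines the session to a VLAN. All addresses, DNs and names below are constructed placeholders; the command names are as I recall them from ASA 8.x and should be checked against the running version.

```cisco
! Constructed example: server addresses, bind account, base DN and group DN
! are placeholders, not values from the post.
!
! Authentication server group: the SafeWord PremierAccess RADIUS server
aaa-server SAFEWORD protocol radius
aaa-server SAFEWORD (inside) host 10.0.0.10
 key <radius-shared-secret>
!
! Authorization server group: Active Directory queried over LDAP
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.0.0.20
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=local
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD-GROUPS
!
! Translate the user's AD group (memberOf) into an ASA group-policy name
ldap attribute-map AD-GROUPS
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=CrappyCorp,OU=Groups,DC=example,DC=local" GP-CRAPPYCORP
!
! Group-policy that confines CrappyCorp members to their own VLAN
group-policy GP-CRAPPYCORP internal
group-policy GP-CRAPPYCORP attributes
 vlan 100
!
! Fail closed: users whose AD groups match no map-value get no session
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Tunnel group: authenticate against SafeWord, authorize from AD
tunnel-group REMOTE-VPN type remote-access
tunnel-group REMOTE-VPN general-attributes
 authentication-server-group SAFEWORD
 authorization-server-group AD-LDAP
 authorization-required
 default-group-policy GP-NOACCESS
```

With authorization-required set, a token login that succeeds at SafeWord but finds no matching AD account is rejected rather than silently dropped into the default policy.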