What is the best way to use DAP when using RSA for user authentication? I really do not want to have the users have to authenticate twice, once for tunnel authentication through RSA and then again for AD authentication. Is there a way to add users to groups on the RSA server and apply policies based on those groups?
Re: Dynamic Access Policies with RSA Authentication
I have a similar request ... I'm trying to set up DAP for two different AAA groups. The first group (vendors) is authenticated to Windows Active Directory using LDAP and I check for a "member of" AAA attribute to define which DAP to apply. This works correctly.
However, the second group (employees) is passed off to RSA using the SDI protocol, because our employees use tokens. The DAP check for "member of" doesn't work. It seems like RSA doesn't return the "member of" attribute ... or if it does, the ASA doesn't receive it. Is it possible to use DAP for RSA authentication? If so, how do you set up the AAA attributes?