RSA (SDI) for Authentication and LDAP (AD) for Authorization for ASA VPN
We currently use RSA for VPN authentication. I have configured and tested LDAP on the ASA. I would like the ASA to query AD via LDAP for the group membership of the user trying to log in and give them a specific Access Policy off of that group. Is there a way to do this when the user is authenticating solely through RSA?
Re: RSA (SDI) for Authentication and LDAP (AD) for Authorization
Thanks for the link. However, it does not explain how to accomplish this. I have successfully gotten it to work using AD for authentication and LDAP for authorization, but not using RSA for authentication and LDAP for authorization. The DAP I set up looks to see if the user is a member of an LDAP group, but the userid it is looking for, I am assuming, is the RSA UserID, which it will not find on the LDAP server. Is there a way to link an RSA userid with a Windows userid?