Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SecurID and ASA Groups

I have an ASA 5510 configured to accept IPSEC vpn tunnels with RSA securid authentication.  This is usind the SDI protocol.  My challenge is to have multiple groups in the ASA and have the RSA grant or deny access based on user and group id. Currently the RSA will grant any valid authentication requests from my ASA 5510. I believe this can be done using radius and the class attribute. Is this possible thourgh SDI protocol?

For example, say I have two ASA tunnel groups.  Sales and Marketing.  I don't want marketing users to be able to authenticate through Sales group if they stumbled upon the preshared key.

Any guidance would be appriciated.