Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Locking users into Group using a RSA Auth-Server


One of our customers so far operates a Cisco VPN-Concetrator 3000 together with a RSA Authentication Manager in order to authenticate the VPN users.

Upon a VPN or RAS user authentication request from the VPN-Conc the request is forwared to the RSA Auth-Server speaking Radius protocol returns a specific group to the VPN-Conc.

Depending on the user/group assignment in the RSA Auth-Server a specific group-name will be returned to the VPN-Conc which will then assign the user a group-specifig IP-address. The VPN-user to HQ-LAN connections are then controlled on a dedicated firewall.

Because the customer wanted to consolidate the RAS and VPN users on a new Cisco Router, this functionality is actually now required by the newly placed router as well.

So far I did not find any documentation or configuration paper addressing this problem.

Is this possible at all to assign a user a specific IP-address based on a group returned from the RSA Auth-Server as it can be done with a VPN-Conc 3000 ?



Re: Locking users into Group using a RSA Auth-Server

RSA feature is supported on routers with Easy VPN technology. Refer the following URL for more information.

New Member

Re: Locking users into Group using a RSA Auth-Server

The document you are referring to does not describe the issue I am looking for. It rather deals with signatures.

What I really need to know on how the the router needs to be configured in order to be able to react upon the vendor specific attributes it receives from the Radius server from RSA.