One of our customers so far operates a Cisco VPN-Concentrator 3000 together with an RSA Authentication Manager in order to authenticate the VPN users.
Upon a VPN or RAS user authentication request from the VPN-Conc, the request is forwarded to the RSA Auth-Server, which speaks the RADIUS protocol and returns a specific group to the VPN-Conc.
Depending on the user/group assignment in the RSA Auth-Server, a specific group-name will be returned to the VPN-Conc, which will then assign the user a group-specific IP-address. The VPN-user to HQ-LAN connections are then controlled on a dedicated firewall.
Because the customer wanted to consolidate the RAS and VPN users on a new Cisco Router, this functionality is actually now required by the newly placed router as well.
So far I did not find any documentation or configuration paper addressing this problem.
Is it possible at all to assign a user a specific IP-address based on a group returned from the RSA Auth-Server, as it can be done with a VPN-Conc 3000?