Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mapping Cisco VPN groups in Safeword PA

We have Secure Computing Premier Access Safeword to authenticate VPN users.

The setup goes this way, in Cisco VPN Concentrator 3000 we have defined

groups to filter users access. For instance, every

organization unit has a unique group which is eligible to access a certain

portion in our network. On the other side, we have Safeword as our personal

authentication mean. Of course, users are defined here in Safeword not in

Cisco VPN Concentrator 3000.

The issue is: Cisco VPN Concentrator 3000 groups are not mapped in

Safeword. Thus, security rules, i.e. Cisco VPN Concentrator 3000 groups

access rights could be broken.

Our objective is to find a way to lock users into their groups, i.e.

integrate Cisco VPN Concentrator 3000 groups into Safeword or any other

acceptable sort of groups mapping where bypassing access is not possible.

We succeeded to do both authentication steps: groups and users in Safeword by recreating according VPN groups in Safeword. However, this had killed the chance to filter users access in Cisco VPN since the groups are specified now as externally configured where all access filteration controls are not usable where Cisco VPN 3000 assumes the external server will take care of this.

How to do the groups mapping with effective access filteration?