Cisco Support Community
New Member

VPN with RSA and LDAP Groups

I'm trying to rebuild our VPN environment with a pair of 5520s. We're going to use AnyConnect mobility exclusively with SSL. No IPSec and no SSL WebVPN.

We have a large number of contractors using the VPN to access specific internal resources, so I would like to use different IP subnets for each contractor, assigned through group policy. I don't want to have a different URL for each contractor, so I want to assign the group policy through LDAP group membership. However, primary authentication will be via RSA 2 factor.

How do I get the ASA to check group membership and hence assign the right group when primary authentication is through RSA?

Thanks for any help.

1 REPLY
Cisco Employee

VPN with RSA and LDAP Groups

Yes, you can do the authentication to an RSA server and the authorization to the LDAP server.

Please configure LDAP as an authorization server.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

Do let me know how it goes.

~BR
Jatin Katyal

**Do rate helpful posts**
