Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN with RSA and LDAP Groups

I'm tryin to rebuild our VPN environment with a pair of 5520. WE're going to use Anyconnect mobility exclusively with SSL. No IPSec and no SSL Webvpn.

We have a large number of contractors using the VPN to access specific internal resources so I would like to use different IP subnets for each contractor assigned through group policy. I don't want to have a different URL for each contractor so I want to assign the group policy through LDAP group memebership. However, primary authentication will be via RSA 2 factor.

How do I get the ASA to check group membership and hense assign the right group when primary authentication is through RSA?

Thanks for any help.

Cisco Employee

VPN with RSA and LDAP Groups

yes you can do the Authentication to an RSA server and the Authorization to the LDAP server.

Please configure LDAP as an authorization server.

Do let me know how it goes.

Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
CreatePlease login to create content