topic VPN with RSA and LDAP Groups in VPN https://community.cisco.com/t5/vpn/vpn-with-rsa-and-ldap-groups/m-p/2347693#M88118 <P>I'm tryin to rebuild our VPN environment with a pair of 5520. WE're going to use Anyconnect mobility exclusively with SSL. No IPSec and no SSL Webvpn.</P><P></P><P>We have a large number of contractors using the VPN to access specific internal resources so I would like to use different IP subnets for each contractor assigned through group policy. I don't want to have a different URL for each contractor so I want to assign the group policy through LDAP group memebership. However, primary authentication will be via RSA 2 factor.</P><P></P><P>How do I get the ASA to check group membership and hense assign the right group when primary authentication is through RSA?</P><P>Thanks for any help.</P> Mon, 07 Oct 2013 16:51:57 GMT Bruce_Arnott_NH 2013-10-07T16:51:57Z VPN with RSA and LDAP Groups https://community.cisco.com/t5/vpn/vpn-with-rsa-and-ldap-groups/m-p/2347693#M88118 <P>I'm tryin to rebuild our VPN environment with a pair of 5520. WE're going to use Anyconnect mobility exclusively with SSL. No IPSec and no SSL Webvpn.</P><P></P><P>We have a large number of contractors using the VPN to access specific internal resources so I would like to use different IP subnets for each contractor assigned through group policy. I don't want to have a different URL for each contractor so I want to assign the group policy through LDAP group memebership. However, primary authentication will be via RSA 2 factor.</P><P></P><P>How do I get the ASA to check group membership and hense assign the right group when primary authentication is through RSA?</P><P>Thanks for any help.</P> Mon, 07 Oct 2013 16:51:57 GMT https://community.cisco.com/t5/vpn/vpn-with-rsa-and-ldap-groups/m-p/2347693#M88118 Bruce_Arnott_NH 2013-10-07T16:51:57Z VPN with RSA and LDAP Groups https://community.cisco.com/t5/vpn/vpn-with-rsa-and-ldap-groups/m-p/2347694#M88119 <HTML><HEAD></HEAD><BODY><P>yes you can do the Authentication to an RSA server and the Authorization to the LDAP server.</P><P>Please configure LDAP as an authorization server.</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml</A></P><P>Do let me know how it goes.</P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Tue, 08 Oct 2013 08:52:38 GMT https://community.cisco.com/t5/vpn/vpn-with-rsa-and-ldap-groups/m-p/2347694#M88119 Jatin Katyal 2013-10-08T08:52:38Z