Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
0
Helpful
1
Replies

ASA Remote-Access VPN

fatalXerror
Level 5
Level 5

‎09-10-2017 05:03 AM - edited ‎02-21-2020 06:17 AM

Hi Experts,

I am using an ASA as my VPN concentrator and I am configuring 1 tunnel group and multiple group policies so that the client will just connect to just 1 tunnel and their group assignment will be assigned in the backend.

I also have RSA for 2 factor authentication and this RSA is integrated to the AD and it runs as RADIUS server. 

I made a similar design before but, at that time I am using Cisco ISE as my RADIUS server. What I did at that time is that Cisco ISE returns Radius.Class attributes to ASA so that ASA can assign group-policy.

My question is this, does the RSA running as the RADIUS server & 2 factor authentication can do also the same thing; returning radius.class attribute to ASA?

Thanks

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎09-10-2017 07:38 PM

Hi

Yes you can send what ever attribute you want. You can create also specify radius attributes.
Here an example:
https://community.rsa.com/docs/DOC-46884

You can also add the RSA radius to Cisco ISE to get an accept our reject answer and ISE will send back the profile to your user.



Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card