WebVPN groups and RSA SecureID configuration...

ahmed.gadi
Level 1

Greetings All,

I have an ASA 5520 upon which I need to build a WebVPN for the company URLs - webmail, intranet portals etc.

There will be 2 groups -

a. Confidential Access - For senior management.

b. Public Access - For employee access.

RSA Token & LDAP auth would be used for access to the WebVPN.

How do I isolate the 2 groups?  I mean only Senior management should be able to view & access the first set of links while employees see and access the other set of links only.

Both the groups will be available to all users logging on to the WebVPN. Since the authentication mechanism - LDAP - is the same, anyone would be able to access the groups and in turn, URLs.

Please suggest what approach can be taken in this regard.

Thanks,

Ahmed Gadi

1 Reply

Herbert Baerten
Cisco Employee

Hi Ahmed,

you can achieve this by creating groups (if you don't already have them) on the LDAP server, then putting the users in the appropriate groups.

Then on the ASA you can do one of two things:

- use DAP policies to apply settings based on the LDAP memberOf attribute

or

- use an LDAP attribute map to map the memberOf attribute to a group-policy

Let me know if you would like more details on either option.

hth

Herbert
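
The second option from the reply above (an LDAP attribute map from memberOf to a group-policy), sketched as an added example that is not part of the original thread. Every name, DN, address and bookmark list is a constructed placeholder; it assumes ASA 8.2 or later syntax, an Active Directory style LDAP server, and bookmark lists that already exist on the ASA. The RSA SecurID server group is not shown.

```cisco
! Constructed example: all names, DNs and addresses are placeholders.
! Deny by default: a user whose memberOf matches no map-value gets this policy.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Senior management: clientless WebVPN with the confidential bookmark list only.
group-policy GP-CONFIDENTIAL internal
group-policy GP-CONFIDENTIAL attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value URLS-CONFIDENTIAL
!
! Employees: clientless WebVPN with the public bookmark list only.
group-policy GP-PUBLIC internal
group-policy GP-PUBLIC attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value URLS-PUBLIC
!
! Map the LDAP memberOf attribute onto the ASA Group-Policy attribute.
! (Releases before 8.2 use IETF-Radius-Class instead of Group-Policy.)
ldap attribute-map MAP-MEMBEROF
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Confidential,OU=Groups,DC=example,DC=com" GP-CONFIDENTIAL
 map-value memberOf "CN=VPN-Public,OU=Groups,DC=example,DC=com" GP-PUBLIC
!
! Attach the map to the LDAP server used by the WebVPN tunnel-group.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <placeholder>
 ldap-attribute-map MAP-MEMBEROF
!
tunnel-group WEBVPN-USERS type remote-access
tunnel-group WEBVPN-USERS general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

A session receives a single group-policy, so keep the two LDAP groups mutually exclusive, and check the result with `show vpn-sessiondb webvpn` after a test login from each group.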