05-30-2006 12:40 AM
Has anyone implemented SSL VPN on an ASA appliance using SecurID keyfob tokens? The datasheets indicate native RSA can be used for authentication, but does this work with SSL VPNs?
Thanks
06-05-2006 05:49 AM
11-14-2006 04:32 AM
Hi
Were you ever able to get this to work? I am implementing the same thing using token authentication.
Thanks!
11-14-2006 06:07 AM
Hi David,
I went for the token RSA appliance, which had an out-of-the-box setup.
On the ASA, here's a sample config to get the client authentication to work for IPsec:
aaa-server SDI protocol sdi
aaa-server SDI host 192.168.1.1
tunnel-group clientvpn type ipsec-ra
tunnel-group clientvpn general-attributes
 address-pool vpnpool
 authentication-server-group SDI
 default-group-policy clientvpn
 authorization-required
Best regards,
Mark
11-21-2007 07:25 AM
Hi Mark,
This seems to apply a default group to all clients authenticated by SecurID. Were you able to assign groups so that different clients have different policies? Thanks.
11-21-2007 07:42 AM
Hi Jason,
I've seen this done. You specify the default group policy in each separate tunnel-group, then create a separate group policy for each one.
e.g.
group-policy clientvpn internal
group-policy clientvpn attributes
 wins-server value 192.168.1.2
 dns-server value 192.168.1.139 192.168.1.3
 vpn-idle-timeout none
 vpn-session-timeout none
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy excludespecified
 split-tunnel-network-list value clientsplit
 default-domain value mydomain.local
Then you might have a different policy for another group, say without split tunneling, etc.
Cheers,
Mark
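A check for the per-group layout described in the replies above, as an added example that is not from any participant in this thread: it parses an ASA configuration and reports tunnel-groups that do not authenticate against the SDI server group or whose default-group-policy is unset or undefined. The group names `staff`, `contractors`, `legacy` and `oldpolicy`, the sample config, and the function name `audit_tunnel_groups` are constructed for illustration.

```python
import re
# Constructed sample config; group names are illustrative, not from the thread.
SAMPLE_CONFIG = """\
aaa-server SDI protocol sdi
aaa-server SDI host 192.168.1.1
group-policy staff internal
group-policy staff attributes
 split-tunnel-policy excludespecified
tunnel-group staff type ipsec-ra
tunnel-group staff general-attributes
 authentication-server-group SDI
 default-group-policy staff
tunnel-group contractors type ipsec-ra
tunnel-group contractors general-attributes
 authentication-server-group SDI
tunnel-group legacy type ipsec-ra
tunnel-group legacy general-attributes
 default-group-policy oldpolicy
"""

def audit_tunnel_groups(config, server_group="SDI"):
    """Map each tunnel-group name to a list of findings (empty list = OK)."""
    policies = set(re.findall(r"^group-policy (\S+) internal", config, re.M))
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"tunnel-group (\S+) (?:type \S+|general-attributes)$", line)
        if m:  # start (or continue) collecting attributes for this group
            current = groups.setdefault(m.group(1), {})
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:  # any other top-level command ends the sub-mode
            current = None
    findings = {}
    for name, attrs in groups.items():
        issues = []
        if server_group not in attrs.get("authentication-server-group", "").split():
            issues.append("does not authenticate against " + server_group)
        policy = attrs.get("default-group-policy")
        if policy is None:
            issues.append("no default-group-policy set")
        elif policy not in policies:
            issues.append("group-policy " + policy + " is not defined")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_tunnel_groups(SAMPLE_CONFIG).items():
        print(name, "->", issues or "OK")
```

A tunnel-group with no `default-group-policy` line inherits the ASA's built-in DfltGrpPolicy, so that finding marks a group that is not getting its own policy.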