cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1750
Views
0
Helpful
2
Replies

IPSEC VPN Group/Auth Issue (RSA/LDAP)

yuji_hajime
Level 1
Level 1

I am trying to have the following end result as such:

The client IPSEC VPN Client only has three options:

1. North America

2. South America

3. Asia

However within these options a user may reside in Austin, TX and I want the user to utilize the local proxy (i.e. texasproxy:8080). We currently only require the user to enter the RSA passcode and username to authentication (RSA/AD username are identical). Is there a way to have the user authenticate via RSA and have the user's AD group membership (TX) assign the user the specific IE proxy settings? We are utilizing an ASA 5520 on 8.2, but we are willing to upgrade to newer IOS or even consider anyconnect to resolve this issue.

Thanks.

2 Replies 2

hdashnau
Cisco Employee
Cisco Employee

You can use AD/LDAP authentication (or authorization if youre using  rsa for authentication) to assign a group-policy that exists on the ASA.  Inside the group-policy there are some msie proxy settings you can  configure.

Information about assigned group policy through LDAP:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a008089149d.shtml

MSIE proxy setting:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503

-heather

Please remember to rate posts and mark them as resolved.

heather,

thank you for the information, however I am having issues viewing the configuration examples. Do you have an alternate link or pdf.

cheers.