Re: IPSEC VPN Group/Auth Issue (RSA/LDAP)

yuji_hajime · ‎02-16-2011

I am trying to have the following end result as such:

The client IPSEC VPN Client only has three options:

1. North America

2. South America

3. Asia

However within these options a user may reside in Austin, TX and I want the user to utilize the local proxy (i.e. texasproxy:8080). We currently only require the user to enter the RSA passcode and username to authentication (RSA/AD username are identical). Is there a way to have the user authenticate via RSA and have the user's AD group membership (TX) assign the user the specific IE proxy settings? We are utilizing an ASA 5520 on 8.2, but we are willing to upgrade to newer IOS or even consider anyconnect to resolve this issue.

Thanks.

hdashnau · ‎02-16-2011

You can use AD/LDAP authentication (or authorization if youre using rsa for authentication) to assign a group-policy that exists on the ASA. Inside the group-policy there are some msie proxy settings you can configure.

Information about assigned group policy through LDAP:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a008089149d.shtml

MSIE proxy setting:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503

-heather

Please remember to rate posts and mark them as resolved.

yuji_hajime · ‎02-16-2011

heather,

thank you for the information, however I am having issues viewing the configuration examples. Do you have an alternate link or pdf.

cheers.