02-16-2011 10:16 AM - edited 02-21-2020 05:10 PM
I am trying to have the following end result as such:
The client IPSEC VPN Client only has three options:
1. North America
2. South America
3. Asia
However within these options a user may reside in Austin, TX and I want the user to utilize the local proxy (i.e. texasproxy:8080). We currently only require the user to enter the RSA passcode and username to authentication (RSA/AD username are identical). Is there a way to have the user authenticate via RSA and have the user's AD group membership (TX) assign the user the specific IE proxy settings? We are utilizing an ASA 5520 on 8.2, but we are willing to upgrade to newer IOS or even consider anyconnect to resolve this issue.
Thanks.
02-16-2011 10:29 AM
You can use AD/LDAP authentication (or authorization if youre using rsa for authentication) to assign a group-policy that exists on the ASA. Inside the group-policy there are some msie proxy settings you can configure.
Information about assigned group policy through LDAP:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503
MSIE proxy setting:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1985503
-heather
Please remember to rate posts and mark them as resolved.
02-16-2011 01:25 PM
heather,
thank you for the information, however I am having issues viewing the configuration examples. Do you have an alternate link or pdf.
cheers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide