Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
1
Replies

SSL VPN groups with RSA

pweinstein
Level 1
Level 1

‎11-01-2010 12:04 PM

I have a Cisco ASA5510 running 8.2.2.  I am tasked with needing to have users authenicate with RSA tokens.  Easy enough to setup once we got the RSA server and tokens.  Now I am faced with the problem of controlling which VPN groups users are authorized to login to (i.e. end users, sysadmins, msadmins, netadmins, etc).  Currently any user can login to any group.  We need to lock down what VPN groups users are permitted to login to, so that we don't have a end user suddenly having access to our HR servers or any of our production systems.

The method we used before we implemented RSA tokens was with LDAP.  However RSA says they don't support LDAP/group authorization.  Has anyone else run into this and what are some possible solutions.

Thanks,

Paul W

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-04-2010 09:50 AM

Paul,

If you don't know which group a given user belongs to it will be tricky/impossible.

You can use group-lock in ASA, but you would need to know the group.

I've seen RSA servers connecting to ASA both via SDI or RADIUS, which one do you use and how many users are we talking about?

If RADIUS you can push other parameters from server - like group.

Marcin

0 Helpful
Customers Also Viewed These Support Documents