One other thought, you could put the two group in different realms, see if realms let you do LDAP in one and RSA/LDAP in the other this might work. Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85266 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Greenberg Sent: Friday, March 13, 2009 9:27 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: 2 Access Gateways different default logon points? I think you are right. When you put the CAG in AAC mode the authentication is off loaded to the AAC. If there is no way to segregate the landing point by device you *might* have to bring up a second AAC server to do what you want.. Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85266 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of James Scanlon Sent: Friday, March 13, 2009 8:32 PM To: Thin Subject: [THIN] 2 Access Gateways different default logon points? Greetings again all you fabulous list legends! Quick one hopefully!? I have 2 Gateway Devices both pointing to the same AAC server. I want to have 1 gateway device support LDAP and RSA (its available externally) I want the other to have just LDAP (its only available internally) From what I can tell the advanced authentication methods can only be setup per logon point, however I cant find a way to have 2 different CAGS point to different default logon points (under the same AAC server) Am I missing something really simple? Cheers and best wishes James _____ Let ninemsn property help. Need a new place to rent, share or buy? <http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Edomain%2Ecom%2Eau %2F%3Fs%5Fcid%3DFDMedia%3ANineMSN%5FHotmail%5FTagline&_t=774152450&_r=Domain _tagline&_m=EXT>