Static DHCP IP to Mac-address reservation in ASA

AGINetworkGroup
Level 1

Hi,

I am finding it difficult to suggest to my management replacing the present Netscreen firewall with ASA, as it does the static DHCP IP to MAC-address mapping.

Is there any facility where ASA does static DHCP IP to MAC-address reservation?

I have seen some notes on Cisco which state the utilisation of option 61 to specify the client identifier, as we do in Cisco routers. How can I use this in ASA with the DHCPD option?

Can anyone help me do this and send me a sample configuration, if this can be done using ASA?

Regards,

Krissh

Accepted Solutions

This feature is now supported on ASA in version 9.13(1) and later

Example:

Magnus-5506-Desk# sh run dhcpd
dhcpd dns 192.168.1.22
dhcpd domain cisco.com
dhcpd option 4 ip 172.18.124.1
!
dhcpd address 192.168.100.100-192.168.100.200 inside
dhcpd enable inside
dhcpd reserve-address 192.168.100.199 ecb5.fa0f.988b inside
!
Magnus-5506-Desk#
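
Added example (not part of the original thread and not Cisco code): a small Python check that reads `sh run dhcpd` style output and flags questionable `dhcpd reserve-address` lines before IP-based firewall rules are built on them. It assumes a reservation should fall inside the `dhcpd address` pool of an enabled interface and that each address and MAC is reserved once per interface; the function name and the sample config are constructed.

```python
import ipaddress
import re

# Constructed sample in the style of the `sh run dhcpd` output above; the last
# two reserve-address lines are deliberately wrong.
SAMPLE = """\
dhcpd dns 192.168.1.22
dhcpd address 192.168.100.100-192.168.100.200 inside
dhcpd enable inside
dhcpd reserve-address 192.168.100.199 ecb5.fa0f.988b inside
dhcpd reserve-address 192.168.100.50 0011.2233.4455 inside
dhcpd reserve-address 192.168.100.150 ecb5.fa0f.988b inside
"""

POOL = re.compile(r"^dhcpd address (\S+)-(\S+) (\S+)$")
RESV = re.compile(
    r"^dhcpd reserve-address (\S+) ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) (\S+)$", re.I)


def check_reservations(config):
    """Return (line, problem) pairs for questionable reserve-address lines."""
    lines = [l.strip() for l in config.splitlines()]
    pools, enabled = {}, set()
    for line in lines:  # pass 1: pools and DHCP-enabled interfaces
        m = POOL.match(line)
        if m:
            lo, hi, ifc = m.groups()
            pools[ifc] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif line.startswith("dhcpd enable "):
            enabled.add(line.split()[2])
    findings, seen = [], set()
    for line in lines:  # pass 2: validate each reservation
        m = RESV.match(line)
        if not m:
            continue
        ip, mac, ifc = ipaddress.ip_address(m.group(1)), m.group(2).lower(), m.group(3)
        if ifc not in pools or ifc not in enabled:
            findings.append((line, "no enabled dhcpd pool on interface"))
        elif not pools[ifc][0] <= ip <= pools[ifc][1]:
            findings.append((line, "address outside the interface pool"))
        for key, what in (((ifc, ip), "address"), ((ifc, mac), "MAC")):
            if key in seen:  # same address or same MAC reserved twice
                findings.append((line, f"{what} reserved more than once"))
            seen.add(key)
    return findings


if __name__ == "__main__":
    for line, problem in check_reservations(SAMPLE):
        print(f"{problem}: {line}")
```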

51 Replies

hadbou
Level 5

Static DHCP IP to MAC-address mapping is not supported in ASA. The list of features supported by ASA is present in the URL given below:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/specs.html

The URL below gives the firewall mode guide for the ASA.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwmode.html

Actually, you can:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

The above configuration sample includes both ASDM and CLI config.

Regards,

DL......Please rate the post if it was useful.

Hello.

You can't. Your document is about "how to assign static IP address for user who uses VPN", not how to bind a specific IP address from the DHCP pool to a specific MAC address.

I was looking around for the same answer when I found what could be a workaround. You can create a static ARP entry that should allow the device to get the same IP address every time.

You can do this in the ASDM under Device Management -> Advanced -> Arp -> Arp Static Table

Or from the CLI:

arp INSIDE 1.1.1.1 01ac.ac54.dc88

Hi!

Does it really work for you? Why should the ASA look at the ARP table when the client is sending a DHCP request?

This functionality is currently not supported on the ASA. There is no known way to implement this functionality (The static ARP idea doesn't work, I just tried it in the lab).

An enhancement bug has been filed requesting this support:

CSCsw72963 ASA local address pools should support DHCP reservations/assignments

I know this post is 3 years old but has this been included on a recent software version update for the ASA?

Nope, still not supported in 9.2(4), 9.3(3), 9.4(2), or 9.5(1). The best workaround IMO is to use DHCP relay.

Considering it's already taken them this long, I have no problem betting $100 that it will never happen.

Hi, 

This is the topology.

Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. A Windows DHCP Server is dynamically giving IP addresses. The customer wants to assign static MAC-IP bindings in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.

Internet  ----- ASA ------ LAN --- ISE and Windows DHCP Server.

Can you provide more information on how I can assign a MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE?

Would it work by just configuring the DHCP relay on the ASA?

Thanks.

Maybe NAT the user to another interface.  The traffic would always come from the same source.

Do you have any reference for "dhcpd reserve-address"?

I can't see it in the release notes for 9.13(1):

https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html

I'm looking at upgrading from ASA5505 to FirePower 1010 (which I believe runs 9.13(1)) and this feature would be really nice...

Jay,

Can this be used for remote access VPN clients?

No, since this feature is tied to the 'dhcpd' settings on the ASA, vs. what AnyConnect uses, which is the 'ip local pool' feature.

You can use an external AAA server to return back the FramedIPAddress attribute to specify the specific IP to apply to a specific user that connects.