ASA static ip address per user

Unanswered Question
Oct 6th, 2008

Need to know if there is a way to configure the following on the ASA.

We have 60 users who log in via VPN through the ASA and are authenticated via a RADIUS server.

So we need 60 users configured, each allocated a static IP address.

For example;

60 User - 60 Static Ip address

User 1 -

User 2 -




User 60 -

At present we can do this by creating an object-group per user, but this is not scalable, so we would like to know if there is an efficient way of doing this.

sadbulali Fri, 10/10/2008 - 12:03

To use DHCP to assign addresses for VPN clients, you must first configure a DHCP server and the range of IP addresses that the DHCP server can use. Then you define the DHCP server on a tunnel group basis. Optionally, you can also define a DHCP network scope in the group policy associated with the tunnel group or username. This is either an IP network number or IP address that identifies to the DHCP server which pool of IP addresses to use.

Refer to the URL below for more information on configuring IP addresses on the ASA:

Farrukh Haroon Sat, 10/11/2008 - 03:43

You can assign each user an IP address via the following:

> Locally for each user. (very hectic)

> Using AAA Server

> Using DHCP

Just make sure you set the appropriate option in the 'vpn-addr-assign' command.



husycisco Sun, 10/19/2008 - 06:23

Hello Nishit,

I encountered this in the past, and the best solution is installing IAS (Windows RADIUS) on a Domain Controller (if you want to grab user information from Active Directory), or on a standalone computer to grab user information locally from the computer. In the user's dial-in tab, activate static IP and assign the IP address to the user. Set the authentication-server-group in the related tunnel-group on the firewall.
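
An added example, not part of any post in this thread: a minimal ASA configuration fragment for the RADIUS approach described above, with the per-user local alternative shown at the end for comparison. The server group name, tunnel-group name, interface, addresses, key and username are constructed placeholders, and the tunnel-group is assumed to exist already.

```cisco
! Constructed example: all names, addresses and secrets are placeholders.
!
! RADIUS server group pointing at the IAS host
aaa-server VPN-RADIUS protocol radius
aaa-server VPN-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
!
! Take the client address from the AAA reply (RADIUS Framed-IP-Address,
! which is what the static IP setting on the user's dial-in tab populates).
vpn-addr-assign aaa
! Disable the other sources so a user with no address in the RADIUS
! reply is not handed one from DHCP or a local pool instead.
no vpn-addr-assign dhcp
no vpn-addr-assign local
!
! Authenticate the remote-access users against that server group
tunnel-group VPN-USERS general-attributes
 authentication-server-group VPN-RADIUS
!
! Per-user local alternative: one stanza like this for every user
username user1 password <password>
username user1 attributes
 vpn-framed-ip-address 10.10.10.1 255.255.255.0
```

If per-user access rules are keyed on these addresses, leaving the DHCP and local-pool sources disabled keeps an account that lacks a static assignment from connecting with an address the rules do not expect.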


patel.nishit Mon, 10/20/2008 - 03:34

Is this IAS free to download or do we have to purchase it? Can it be configured on the existing RADIUS server?

husycisco Mon, 10/20/2008 - 04:30

It is free, built in to Windows 2003 Server. I don't know what you currently have as a RADIUS service, but Win2003's RADIUS is called IAS (Internet Authentication Server). Here is how to install

Here is the configuration

Feel free to ask during implementation

