10-06-2008 06:21 AM - edited 02-21-2020 03:02 AM
Need to know if their is a way to configure the following on the ASA.
We have 60 users login via VPN through ASA and authenticated via Radius server.
So we need, 60 users configured with each allocated a static ip address.
For example;
60 User - 60 Static Ip address
User 1 - 10.10.10.1
User 2 - 10.10.10.2
-
-
-
User 60 - 10.10.10.60
At present we can do this by creating a object-group per user but this is not scalable, therefore if their is a efficient way of doing this.
10-10-2008 12:03 PM
To use DHCP to assign addresses for VPN clients, you must first configure a DHCP server and the range of IP addresses that the DHCP server can use. Then you define the DHCP server on a tunnel group basis. Optionally, you can also define a DHCP network scope in the group policy associated with the tunnel group or username. This is either an IP network number or IP Address that identifies to the DHCP server which pool of IP addresses to use.
Refer the url below for more information on configuring ip address in ASA:
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/vpnadd.html#wp998941
10-02-2021 06:21 AM
I don't see how using DHCP alone can assign a static IP to the user.
DHCP has no notion of users. At best your get the hostname in the DHCP request. You don't even have the MAC address of the remote device in a VPN scenario.
10-11-2008 03:43 AM
You can assign each user an IP address via the following:
> Locally for each user. (very hectic)
> Using AAA Server
> Using DHCP
Just make sure you set the appropriate option in the 'vpn-addr-assign' command.
Regards
Farrukh
10-19-2008 06:23 AM
Hello Nishit,
I encountered this in past and best solution is installing IAS (Windows Radius) to a Domain Controller (If you want to grab user information from Active Driectory), or to a standalone computer to grab user information locally from computer. In user's dial-in tab, activate static IP and assign the Ip address to user. Set the authentication-server-group in related tunnel-group in firewall
Regards
10-20-2008 03:34 AM
Is this IAS free to download or do we have to purchase it. Can it be configured on the existing Radius serve.
10-20-2008 04:30 AM
It is free, built-in to windows 2003 server. I dont know what do you have currently as a Radius service, but win2003's RADIUS is called IAS. (Internet Authentication Server) Here is how to install
http://technet.microsoft.com/en-us/library/cc781690.aspx
here is the configuration
Feel free to ask during implemention
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: