IOS EZVPN and Static IP Address

Unanswered Question
Apr 18th, 2009
User Badges:

Have approx 50-60 EZVPN Clients terminating on our Server. I would like it so that each ezvpn client is give a static ip address, nainly for management polling. The only way I can get ezvpn to work at the moment is with a DHCP on the Cisco ACS Server, the pool is assigned to the EZVPN Group.

Any ideas,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Mon, 04/20/2009 - 06:44
User Badges:
  • Cisco Employee,

If you are using Radius, you can configure the Framed-IP Address attribute to pass the ip address for the user that has been authenticated. Assigning an ip address per user is the best approach you have.

derekgaff Tue, 04/21/2009 - 01:09
User Badges:

Hi Imartino

Thank you for your reply, but correct me if im wrong here. But isent the IP Address assigned to the client at IKE stage of the IPSec setup. The username authentication comes afterwords.

Just to confirm, what you are saying. There are two authentications per setup, first one is Group Name/Password and the second one is the ezyvpn username password.

Which one are you refering too. Just to let you know that all our clients use the same Group Name/Password for the IKE stage, only difference between clients is the ezvpn username/password. All clients are part of the same customer.



Ivan Martinon Tue, 04/21/2009 - 06:22
User Badges:
  • Cisco Employee,

IP address assignment comes on the MODE CONFIG message/stage if the EZVPN setup, MODE CONFIG comes after IKE has been completed and for IKE (Phase 1) to be complated Xauth needs to be succesful hence user authentication comes before the ip address is assigned.


This Discussion