Cisco ASA L2TP VPN address pool assignable via RADIUS?


I'm authenticating L2TPoIPSec VPN users using RADIUS without problems.

Rather than using the tunnel-group "address-pool" general-attribute to specify the pool, I would rather have the local pool name pushed by RADIUS.

So far, I haven't had any luck. The ASA assigns using the address-pool statement in the tunnel-group general-attributes. I also tried removing the address-pool statement (in case RADIUS attribute couldn't override), but then the client fails to connect.

Framed-Address works for forcing the IP address and overriding the local pool, but so far I haven't had any luck setting the local pool via RADIUS attributes.

I have tried using Cisco-AVPair "ip:addr-pool=x" with no success.

I've tried just about all other attributes in my dictionary files that mention "pool" as well.

collaborativefusion Wed, 07/29/2009 - 14:05

You want to use the RADIUS attributes "Framed-Address" and "Framed-Netmask".

I'm researching the latest VPNC3K firmware changed the behavior on usage:

If your F-A was in use, previously it would fall back to an address from the pool; now it just craps itself >:}


