Assign Static IP to VPN clients authenticated on AAA server

Unanswered Question
Sep 16th, 2009

Hi NetPros


My objective is to assign a static IP address for VPN clients.


The tunnel group authentication is on an AAA LDAP server.

AAA LDAP queries have been configured and tested to work.


I followed the guide below, but could not get static IP assignment to work.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html#wp41996


The tunnel group is configured to use the DHCP pool and the Group policy on ASA.

- If I do not specify a DHCP pool, the error message is: "no assigned address"

- If I configure a DHCP pool, the assigned address will be from the pool


Here are my queries on assigning a static IP for aaa-users:

1. Do you need to configure an external policy server for static IP assignment to work?

- I prefer to use the group policy on ASA

2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do I specify?

3. Does the DHCP service need to be running on the LDAP server?

4. As per printscreen below, is Remote Access Policy required?

5. What am I missing out to make static IP assignment work?


Big thanks



Tears4Fears Wed, 09/23/2009 - 07:12

Hi all


Thanks to friends working in Cisco, they have helped to identify the root cause.


The root cause was due to a misprint in the Cisco document.


The correct LDAP attribute is: msRASSavedFramedIPAddress. Note the additional 'd' after the word 'Frame'.


In fact, this LDAP attribute was also lacking a 'd' in the ASDM scroll-down selection. Would appreciate it if someone would relay the mistake to Cisco personnel. Thanks all.
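
A one-character misprint like the one described in this reply can be caught before deployment by comparing the LDAP attribute names in an ASA `ldap attribute-map` against the names the directory schema actually exposes. The script below is an added example, not part of the thread or of Cisco's documentation; the map name `EXAMPLE-MAP`, the sample config and the schema list are constructed for illustration.

```python
import difflib
import re

# Constructed sample: attribute names as exported from the directory schema.
SCHEMA_ATTRS = ["memberOf", "msNPAllowDialin",
                "msRADIUSFramedIPAddress", "msRASSavedFramedIPAddress"]

# Constructed ASA fragment (map name is a placeholder). The last line carries
# the misprint from the thread: 'Frame' instead of 'Framed'.
SAMPLE_CONFIG = """\
ldap attribute-map EXAMPLE-MAP
  map-name memberOf IETF-Radius-Class
  map-name msRASSavedFrameIPAddress IETF-Radius-Framed-IP-Address
"""

MAP_NAME = re.compile(r"^\s*map-name\s+(\S+)\s+(\S+)\s*$")


def check_attribute_map(config, schema_attrs):
    """Return (line, ldap_attr, cisco_attr, suggestion) for each map-name
    entry whose LDAP attribute is not present in the schema list."""
    # LDAP attribute names are case-insensitive, so compare in lower case.
    known = {a.lower(): a for a in schema_attrs}
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = MAP_NAME.match(line)
        if not m:
            continue
        ldap_attr, cisco_attr = m.groups()
        if ldap_attr.lower() in known:
            continue
        # Suggest the nearest schema name so a near-miss typo is obvious.
        close = difflib.get_close_matches(ldap_attr.lower(), list(known),
                                          n=1, cutoff=0.8)
        suggestion = known[close[0]] if close else None
        findings.append((lineno, ldap_attr, cisco_attr, suggestion))
    return findings


if __name__ == "__main__":
    for lineno, ldap_attr, cisco_attr, hint in check_attribute_map(
            SAMPLE_CONFIG, SCHEMA_ATTRS):
        print(f"line {lineno}: '{ldap_attr}' (mapped to {cisco_attr}) "
              f"is not in the schema; closest match: {hint}")
```

In practice the schema list would come from the directory itself rather than from a vendor document or a GUI drop-down, since either can carry the same misprint.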
