Assign Static IP to VPN clients authenticated on AAA server

Sep 16th, 2009

Hi NetPros

My objective is to assign static IP address for VPN clients.

The tunnel group authentication is on an AAA LDAP server.

AAA LDAP queries have been configured and tested to work.

I followed the guide below, but could not get static IP assignment to work.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html#wp41996

The tunnel group is configured to use the DHCP pool and the Group policy on ASA.

- If I do not specify a DHCP pool, the error message is: "no assigned address"

- If I configure a DHCP pool, the assigned address will be from the pool

Here are my queries on assigning a static IP for aaa-users:

1. Do you need to configure an external policy server for static IP assignment to work?

- I prefer to use the group policy on the ASA

2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do I specify?

3. Does the DHCP service need to be running on the LDAP server?

4. As per printscreen below, is Remote Access Policy required?

5. What am I missing out to make static IP assignment work?

Big thanks

Tears4Fears Wed, 09/23/2009 - 07:12

Hi all

Thanks to friends working at Cisco, who have helped to identify the root cause.

The root cause was a misprint in the Cisco document.

The correct LDAP attribute is: msRASSavedFramedIPAddress. Note the additional 'd' after the word 'Frame'.

In fact, this LDAP attribute was also lacking a 'd' in the ASDM scroll-down selection. I would appreciate it if someone could relay the mistake to Cisco personnel. Thanks all.
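
An added example, not part of the thread or of Cisco's documentation: a small checker that scans an ASA configuration for `ldap attribute-map` entries whose LDAP attribute name is a near miss of a known Active Directory attribute, the kind of one-letter misprint described in the reply above. The map names and the misspelled entry in the sample are constructed, and the known-attribute list beyond msRASSavedFramedIPAddress is an assumption.

```python
import difflib
import re

# Attribute names to validate against. msRASSavedFramedIPAddress is the spelling
# given in the reply above; the other entries are standard AD schema names
# included here as an assumption.
KNOWN_AD_ATTRS = ["msRASSavedFramedIPAddress", "msRADIUSFramedIPAddress",
                  "msNPAllowDialin", "memberOf"]

MAP_BLOCK = re.compile(r"^ldap attribute-map\s+(\S+)\s*$")
MAP_NAME = re.compile(r"^\s+map-name\s+(\S+)\s+(\S+)\s*$")

def check_attribute_maps(config_text, known=KNOWN_AD_ATTRS, cutoff=0.9):
    """Return (map_name, ldap_attr, suggestion) for each map-name entry whose
    LDAP attribute is not an exact known name but closely resembles one."""
    findings, current = [], None
    for line in config_text.splitlines():
        block = MAP_BLOCK.match(line)
        if block:
            current = block.group(1)
            continue
        if not line.startswith(" "):
            current = None  # left the attribute-map sub-mode
            continue
        entry = MAP_NAME.match(line)
        if current and entry:
            attr = entry.group(1)
            if attr in known:  # exact, case-sensitive match is the only pass
                continue
            close = difflib.get_close_matches(attr, known, n=1, cutoff=cutoff)
            if close:
                findings.append((current, attr, close[0]))
    return findings

# Constructed sample configuration; BAD-MAP and GOOD-MAP are hypothetical names.
SAMPLE_CONFIG = """\
ldap attribute-map BAD-MAP
 map-name msRASSavedFrameIPAddress IETF-Radius-Framed-IP-Address
ldap attribute-map GOOD-MAP
 map-name msRASSavedFramedIPAddress IETF-Radius-Framed-IP-Address
 map-name memberOf IETF-Radius-Class
"""

if __name__ == "__main__":
    for name, attr, fix in check_attribute_maps(SAMPLE_CONFIG):
        print(f"{name}: '{attr}' is not a known attribute; did you mean '{fix}'?")
```

A misspelled attribute name produces no configuration error on its own, so the symptom is the one in the original question: the client silently receives a pool address instead of the static one.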
