Assign Static IP to VPN clients authenticated on AAA server

Sep 16th, 2009

Hi NetPros

My objective is to assign a static IP address to VPN clients.

The tunnel group authentication is on an AAA LDAP server.

AAA LDAP queries have been configured and tested to work.

I followed the guide below, but could not get static IP assignment to work.

The tunnel group is configured to use the DHCP pool and the Group policy on ASA.

- If I do not specify a DHCP pool, the error message is: "no assigned address"

- If I configure a DHCP pool, the assigned address will be from the pool

Here are my queries on assigning a static IP for aaa-users:

1. Do you need to configure an external policy server for static IP assignment to work?

- I prefer to use the group policy on ASA

2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do I specify?

3. Does the DHCP service need to be running on the LDAP server?

4. As per printscreen below, is Remote Access Policy required?

5. What am I missing out to make static IP assignment work?

Big thanks

Tears4Fears Wed, 09/23/2009 - 07:12

Hi all

Thanks to friends working in Cisco, they have helped to identify the root cause.

The root cause was a misprint in the Cisco document.

The correct LDAP attribute is: msRASSavedFramedIPAddress. Note the additional 'd' after the word 'Frame'.

In fact, this LDAP attribute was also lacking a 'd' in the ASDM scroll-down selection. I would appreciate it if someone would relay the mistake to Cisco personnel. Thanks all.
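
An added example, not part of the original thread or of Cisco's documentation: a small Python check that scans an ASA configuration's `ldap attribute-map` entries and flags LDAP attribute names missing from a reference list, suggesting the nearest known name so a one-letter misprint like the one above stands out. The reference list, the map names and the sample configuration are constructed for illustration, and the script assumes `map-name` lines appear indented under their `ldap attribute-map` line.

```python
import difflib
import re

# Assumption: reference list of Active Directory attribute names the maps are
# expected to use; extend it from your own directory schema.
KNOWN_AD_ATTRIBUTES = [
    "msRASSavedFramedIPAddress",
    "msRADIUSFramedIPAddress",
    "msNPAllowDialin",
    "memberOf",
]

MAP_START = re.compile(r"^ldap attribute-map\s+(\S+)\s*$")
MAP_NAME = re.compile(r"^\s+map-name\s+(\S+)\s+(\S+)\s*$")


def check_attribute_maps(config_text, known=KNOWN_AD_ATTRIBUTES):
    """Return (map, ldap_attr, asa_attr, suggestion) for each unknown LDAP name."""
    findings = []
    current_map = None
    for line in config_text.splitlines():
        start = MAP_START.match(line)
        if start:
            current_map = start.group(1)
            continue
        if line and not line[0].isspace():
            current_map = None  # an unindented line ends the attribute-map block
            continue
        entry = MAP_NAME.match(line)
        if not (current_map and entry):
            continue
        ldap_attr, asa_attr = entry.groups()
        if ldap_attr in known:
            continue
        # Near misses (one dropped letter) score well above this cutoff.
        close = difflib.get_close_matches(ldap_attr, known, n=1, cutoff=0.85)
        findings.append((current_map, ldap_attr, asa_attr, close[0] if close else None))
    return findings


# Constructed sample configuration: the first map carries the misprinted name.
SAMPLE_CONFIG = """\
ldap attribute-map STATIC-IP-BAD
 map-name msRASSavedFrameIPAddress IETF-Radius-Framed-IP-Address
ldap attribute-map STATIC-IP-GOOD
 map-name msRASSavedFramedIPAddress IETF-Radius-Framed-IP-Address
vpn-addr-assign aaa
"""

if __name__ == "__main__":
    for name, ldap_attr, asa_attr, hint in check_attribute_maps(SAMPLE_CONFIG):
        print("map %s: unknown LDAP attribute %r -> %s (did you mean %r?)"
              % (name, ldap_attr, asa_attr, hint))
```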

