09-16-2009 02:50 AM - edited 03-10-2019 04:41 PM
Hi NetPros
My objective is to assign static IP addresses to VPN clients.
The tunnel group authentication is on an AAA LDAP server.
AAA LDAP queries have been configured and tested to work.
I followed the guide below, but could not get static IP assignment to work.
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html#wp41996
The tunnel group is configured to use the DHCP pool and the Group policy on ASA.
- If I do not specify a DHCP pool, the error message is: "no assigned address"
- If I configure a DHCP pool, the assigned address will be from the pool
Here are my queries on assigning a static IP for aaa-users:
1. Do you need to configure an external policy server for static IP assignment to work?
   - I prefer to use the group policy on ASA
2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do I specify?
3. Does the DHCP service need to be running on the LDAP server?
4. As per printscreen below, is Remote Access Policy required?
5. What am I missing out to make static IP assignment work?
Big thanks
09-23-2009 07:12 AM
Hi all
Thanks to friends working at Cisco, who helped to identify the root cause.
The root cause was a misprint in the Cisco document.
The correct LDAP attribute is: msRASSavedFramedIPAddress. Note the additional 'd' after the word 'Frame'.
In fact, this LDAP attribute was also lacking a 'd' in the ASDM scroll-down selection. I would appreciate it if someone could relay the mistake to Cisco personnel. Thanks all.
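
A troubleshooting check for the misprint described in the reply above, as an added example that is not part of the original posts or of Cisco's documentation. It scans `ldap attribute-map` lines for a near-miss spelling of `msRASSavedFramedIPAddress` and decodes the signed 32-bit integer form in which Active Directory stores this attribute; the sample configuration, the map name `STATIC-IP`, and the ASA-side attribute `IETF-Radius-Framed-IP-Address` are assumptions.

```python
import difflib
import ipaddress

# Spelling given in the thread as correct (note the 'd' in "Framed").
CORRECT_ATTR = "msRASSavedFramedIPAddress"

# Constructed sample: an attribute map carrying the misprinted name.
# Map name and the ASA-side attribute are assumptions, not from the thread.
SAMPLE_CONFIG = """\
ldap attribute-map STATIC-IP
  map-name msRASSavedFrameIPAddress IETF-Radius-Framed-IP-Address
  map-name memberOf Group-Policy
"""


def find_misspelled_maps(config, correct=CORRECT_ATTR, threshold=0.9):
    """Return (line_number, name) for map-name entries whose LDAP attribute
    is close to, but not exactly, the correct spelling."""
    hits = []
    for lineno, line in enumerate(config.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0] != "map-name":
            continue
        name = parts[1]
        if name == correct:
            continue
        ratio = difflib.SequenceMatcher(None, name.lower(), correct.lower()).ratio()
        if ratio >= threshold:
            hits.append((lineno, name))
    return hits


def ad_int_to_ip(value):
    """Convert the integer AD stores for the static address to dotted quad.
    Addresses at or above 128.0.0.0 are stored as negative numbers."""
    return str(ipaddress.IPv4Address(int(value) & 0xFFFFFFFF))


if __name__ == "__main__":
    for lineno, name in find_misspelled_maps(SAMPLE_CONFIG):
        print(f"line {lineno}: '{name}' should be '{CORRECT_ATTR}'")
    print(ad_int_to_ip(-1062731510))
```

A misspelled name in the map fails silently: the LDAP query still succeeds, the attribute is simply never matched, and the client falls back to the pool or gets "no assigned address".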