Cisco AnyConnect - Radius Auth with Local IP assignment

Unanswered Question
Feb 12th, 2010

Hello,


I have a Radius Server setup right now with my users being authorized. Right now, they are getting assigned IP addresses from 1 ip local pool. I need to separate them into groups, and the users in those groups need to be assigned their own IPs. What will allow me to assign group-specific IP addresses to my VPN users (who are separated into groups on Radius/MySQL already)?


Example:

Groups:

     Accounting

     Sales

     Management

For those groups:

ip local pool Accounting

ip local pool Sales

ip local pool Management


Users:

Sally - Accounting

John - Sales

Aaron - Management


Thank you,

Ivan Martinon Thu, 02/18/2010 - 10:07

If your RADIUS server supports it, you can use local pools on this server and assign a pool to each group the user belongs to. If your AnyConnect server is an ASA, you can define the pools under the tunnel groups or under the group policies, and use the class value mapping to map users to each group policy and use the defined pool.
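The ASA variant described in the reply above, written out as an added example that is not part of the original post or Cisco's own configuration: one pool and one group policy per group, selected by the RADIUS Class attribute (25) in the form `OU=<group-policy-name>;`. Pool ranges, the server group name `RADIUS-VPN`, the tunnel group name `AnyConnect-Users`, the server address and the `NoAccess` fallback policy are assumptions chosen for illustration.

```cisco
! Constructed example: address ranges, names, server IP and key are placeholders.
ip local pool Accounting 10.10.10.1-10.10.10.254 mask 255.255.255.0
ip local pool Sales      10.10.20.1-10.10.20.254 mask 255.255.255.0
ip local pool Management 10.10.30.1-10.10.30.254 mask 255.255.255.0
!
aaa-server RADIUS-VPN protocol radius
aaa-server RADIUS-VPN (inside) host 192.0.2.10
 key <shared-secret>
!
! Fallback policy (assumption): a user whose Access-Accept carries no
! matching Class value lands here and is refused, so a missing group
! mapping fails closed instead of handing out an address.
group-policy NoAccess internal
group-policy NoAccess attributes
 vpn-simultaneous-logins 0
!
! One group policy per RADIUS group, each bound to its own pool.
group-policy Accounting internal
group-policy Accounting attributes
 address-pools value Accounting
!
group-policy Sales internal
group-policy Sales attributes
 address-pools value Sales
!
group-policy Management internal
group-policy Management attributes
 address-pools value Management
!
tunnel-group AnyConnect-Users type remote-access
tunnel-group AnyConnect-Users general-attributes
 authentication-server-group RADIUS-VPN
 default-group-policy NoAccess
!
! RADIUS side: each group's reply attributes must include Class (25)
! naming the matching group policy, for example:
!   Accounting -> Class = "OU=Accounting;"
!   Sales      -> Class = "OU=Sales;"
!   Management -> Class = "OU=Management;"
```

The group policy names on the ASA must match the value after `OU=` exactly, since the Class string is what selects the policy and therefore the pool.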

shakirovshm Tue, 12/11/2012 - 06:53

Can you tell me a little bit more about configuration? Because I've tried to find some more information, and I didn't find it. I am using ACS 5.2.

ju_mobile Tue, 12/11/2012 - 15:21

Hi Kendo

I've implemented something similar but used the defined URL in the AnyConnect profile to create the varying pools. In your example the clients might use yourvpn.yourcompany.com/sales or yourvpn.yourcompany.com/accounts.
It's all down to giving the users the varying URLs.

Best Regards

Ju

http://helpamunky.wordpress.com/


Sent from Cisco Technical Support iPad App
