
Cisco AnyConnect - Radius Auth with Local IP assignment

KendoOtaku
Level 1

Hello,

I have a Radius Server setup right now with my users being authorized. Right now, they are getting assigned IP addresses to 1 ip local pool. I need to separate them into groups and the users in those groups need to be assigned their own IPs. What will allow me to assign group specific IP addresses to my VPN users (who are separated into groups on Radius/MySQL already)?

Example:

Groups:

     Accounting

     Sales

     Management

For those groups:

ip local pool Accounting

ip local pool Sales

ip local pool Management

Users:

Sally - Accounting

John - Sales

Aaron - Management

Thank you,

3 Replies

Ivan Martinon
Level 7

If your RADIUS server supports it, you can use local pools on this server and assign a pool to each group the user belongs to. If your AnyConnect server is an ASA, you can define the pools under the tunnel groups or under the group policies and use the class value mapping to map users to each group policy and use the defined pool.

Can you tell me a little bit more about configuration? Because I've tried to find some more information, and I didn't find it. I am using ACS 5.2.

ju_mobile
Level 1

Hi Kendo

I've implemented something similar but used the defined URL in the AnyConnect profile to create the varying pools. In your example the clients might use yourvpn.yourcompany.com/sales or yourvpn.yourcompany.com/accounts.
It's all down to giving the users the varying URLs.

Best Regards

Ju

http://helpamunky.wordpress.com/


Sent from Cisco Technical Support iPad App
