VPN 3020 - DHCP Relay and Reservations

Answered Question
Apr 29th, 2010

Hi All


I have a VPN Concentrator 3020 in my structure and I'm configuring IP address assignment by an external DHCP server.

There is no problem with that: the client authenticates and then receives its IP address.

The problem is that I need to configure reservations on the DHCP server. The question is: which MAC address do we have to use for the reservation?

I saw on the server that the MAC address of the DHCP request is something like 0003a08a5308020e7f28f4e9a82000, which is the MAC address of the external interface of the VPN Concentrator, plus many other characters that don't seem to be related to the client or any other component in the network, and change every time we connect.

I think I can't assign the IP address statically on the Concentrator or the ACS, because the users authenticate on the VPN Concentrator through MS Active Directory, so they don't really exist on these devices.


Does anyone know how I can make this work?

Thanks a lot

Marco

Jennifer Halim Sat, 05/01/2010 - 04:47

Yes, you can configure an IP pool on the VPN Concentrator per group, and the IP address can be assigned from the IP pool on the VPN Concentrator to the VPN Client user.

To configure an IP pool per group:

Configuration --> User Management --> Groups --> click on the specific VPN group for which you would like to configure the IP pool --> on the right-hand side: click on Address Pools --> Add new IP pool.

To configure an IP pool for all groups:

Configuration --> System --> Address Management --> Pools --> Add IP pool

To use the local IP pool from the VPN Concentrator, you would need to enable it:

Configuration --> System --> Address Management --> Assignment --> enable "Use Address Pools"

Hope that helps.

m.scafidi Mon, 05/03/2010 - 00:55

Hi Halijenn

Thanks for your answer, but my problem is that I need to make individual IP reservations for users of the same group.

Correct Answer
Jennifer Halim Mon, 05/03/2010 - 01:17

You can't do that with an IP address assigned from a DHCP server.

You can configure an LDAP server to assign an individual IP address depending on which user authenticates for VPN client access.

You will need to configure the LDAP server for authorization in the VPN Concentrator, as well as enable "Use Address from Authentication Server" for the IP address assignment.
