LDAP users RA VPN static IPs

Aug 2nd, 2010

I would like to set up some remote access IPSec VPN users who authenticate via LDAP with static IPs when they initiate their tunnel. Is this possible? I have this set up on an ASA with 8.0 code.

Yudong Wu Mon, 08/02/2010 - 21:18

Authentication via LDAP for RA VPN is a well-known implementation scenario.

The following example shows you how to configure an LDAP server on the ASA for VPN authentication. The example is for WebVPN, but the LDAP part applies to IPSec VPN as well.


Not sure what you mean by "static IP" here.

In RA VPN, the ASA should assign an IP to the client. You can assign this IP via DHCP, a local IP pool, etc.

esossamon Mon, 08/02/2010 - 21:37

Sorry, I should clarify: I already have LDAP set up for authentication, but I have a need for a few VPN users who authenticate to get the same IP each time. This can be from the DHCP pool I've set up. I need to know if this is possible to do and, if so, how to go about setting it up. Thanks!

Yudong Wu Tue, 08/03/2010 - 09:26

In this case, I think you can configure your LDAP server to return an attribute with the assigned IP address (such as msRADIUSFramedIPAddress); then, on the ASA, you need to do an ldap-attribute-map to map the above attribute to "IETF-Radius-Framed-IP-Address" so that the ASA can understand it and assign this address to the VPN client.

