ldap users RA vpn static ip's

esossamon
Level 1

I would like to set up some remote access IPSec VPN users who authenticate via LDAP with static IPs when they initiate their tunnel. Is this possible? I have this set up on an ASA with 8.0 code.

3 Replies

Yudong Wu
Level 7

Authentication via LDAP for RA VPN is a well-known implementation scenario.

The following example shows you how to configure an LDAP server on the ASA for VPN authentication. The example is for WebVPN, but the LDAP part applies to IPSec VPN as well.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_example09186a00808c3c45.shtml

Not sure what you mean by "static IP" here.

In RA VPN, the ASA should assign an IP to the client. You can assign this IP via DHCP, local IP pool, etc.

Sorry, I should clarify: I already have LDAP set up for authentication, but I have a need for a few VPN users who authenticate to get the same IP each time. This can be from the DHCP pool I've set up. I need to know if this is possible to do and, if so, how to go about setting it up. Thanks!

In this case, I think you can configure your LDAP server to return an attribute with the assigned IP address (such as msRADIUSFramedIPAddress); then, on the ASA, you need to do ldap-attribute-map to map the above attribute to "IETF-Radius-Framed-IP-Address" so that the ASA can understand it and assign this address to the VPN client.
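
The mapping described in the reply above, sketched as ASA configuration. This is an added example, not part of the original thread; the map name, server group name, interface and host address are placeholders, and it assumes the LDAP server group is already configured for VPN authentication.

```cisco
! Added example; STATIC-IP-MAP, LDAP-SRV, inside and 192.0.2.10 are placeholders.
! Translate the LDAP attribute returned for the user into the attribute
! the ASA uses for the client's tunnel address.
ldap attribute-map STATIC-IP-MAP
 map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
! Attach the map to the existing LDAP server entry used for VPN authentication.
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map STATIC-IP-MAP
!
! Let addresses returned by the authentication server be assigned to clients.
vpn-addr-assign aaa
!
! Verification: watch the attributes returned at login, then check the
! address the session received.
! debug ldap 255
! show vpn-sessiondb remote
```

Keeping the fixed addresses outside the range that DHCP or a local pool hands out dynamically avoids a second client being given an address reserved for one of these users.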
