IPSEC ON CISCO ASA 5540

Unanswered Question
Aug 3rd, 2010

Hello,

I have a general query. We have a Cisco ASA 5540 which we plan to use as an IPSec VPN concentrator for clients. We are looking at an option where remote users would be authenticated using an external server and for each userid a host IP will be bound statically. Once authentication succeeds the host IP must be thrown to the end client PC. The resources behind the ASA would be accessed using this IP.

This might sound generic, but can people give some options on how this can be achieved?

NOTE - Each userid must be bound to a static host IP.

Jennifer Halim Tue, 08/03/2010 - 07:34

Yes, you can assign each user a static IP address.

There are the following options to assign IP addresses to VPN users:

1) IP Pool - dynamic assignment

2) Local ASA user database - static IP address assignment via the "vpn-framed-ip-address" command

3) Via DHCP server - to be enabled via the "vpn-addr-assign dhcp" command

4) Via AAA server - to be enabled via the "vpn-addr-assign aaa" command

Here are sample configurations for options 2 and 3 above:

Option 2:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

Option 3:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml

For Option 4, which is what you are trying to achieve, you can configure it as long as the external AAA server supports IP address assignment.

Hope that helps.
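
A sketch of options 4 and 2 from the answer above, as an added example that is not part of the original post or of the linked Cisco documents. The server group `RAD-STATIC`, tunnel group `RA-CLIENTS`, user `alice`, all addresses and the bracketed secrets are constructed placeholders, and the syntax assumes an ASA 8.x image.

```cisco
! Added example: constructed names and addresses, not from the original thread.
!
! --- Global: take client addresses from AAA only ---
! Disabling the DHCP and local-pool methods means a user with no
! static binding gets no address instead of a dynamic one.
vpn-addr-assign aaa
no vpn-addr-assign dhcp
no vpn-addr-assign local
!
! --- Option 4: external RADIUS server authenticates and returns the IP ---
aaa-server RAD-STATIC protocol radius
aaa-server RAD-STATIC (inside) host 192.0.2.10
 key <shared-secret>
!
tunnel-group RA-CLIENTS type remote-access
tunnel-group RA-CLIENTS general-attributes
 authentication-server-group RAD-STATIC
!
! For each userid, the RADIUS Access-Accept must carry the binding:
!   Framed-IP-Address (attribute 8) = 10.10.10.5
!   Framed-IP-Netmask (attribute 9) = 255.255.255.0
! Keep every Framed-IP-Address unique per userid on the server side,
! so that access rules written against the address map to one user.
!
! --- Option 2: the same binding held in the ASA local user database ---
! (used when the tunnel group authenticates against LOCAL instead)
username alice password <password>
username alice attributes
 vpn-framed-ip-address 10.10.10.5 255.255.255.0
 ! restrict the account to VPN use, no management access
 service-type remote-access
```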
