09-28-2010 06:14 AM
I have an ASA5520 set up with local DHCP pools for IPsec clients connecting. I have certain pools assigned to certain connection profiles. I have a user who requires the same IP every time they connect. What is the best way to accomplish this?
Thanks,
Sigh
09-28-2010 01:56 PM
Hi,
Are you using local authentication for the VPN clients?
If so, you can assign the user a static IP:
username JOHN attributes
vpn-framed-ip-address x.x.x.x
In this way, when the user JOHN authenticates to the ASA, the ASA will always allocate the x.x.x.x IP.
Federico.
09-28-2010 09:04 PM
Thanks for the response, however I am using RSA authentication.
Sigh
09-29-2010 09:04 AM
If you have a VPN client (john), then you create a VPN profile for this user:
tunnel-group john type remote-access
tunnel-group john general-attributes
address-pool VPNPool
! your RSA server
authentication-server-group x.x.x.x
! the group-policy to use
default-group-policy john
Then, the address pool VPNPool could be a pool of a single IP address.
In this way, user john will connect to the ASA, will authenticate to the RSA server and will always get an IP from the VPNPool (which consists of a single IP).
Federico.
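The single-address-pool approach from the reply above, written out as a fuller configuration sketch; this is an added example, not part of the original posts. The addresses (documentation range 192.0.2.0/24), the server-group name RSA, the interface name inside and the pre-shared key are constructed placeholders.

```cisco
! Added example (constructed values): one-address pool bound to one profile.
! A pool of exactly one address means only one session can hold it at a time.
ip local pool VPNPool 192.0.2.50-192.0.2.50
!
! RSA SecurID server group (SDI protocol); host and interface are placeholders
aaa-server RSA protocol sdi
aaa-server RSA (inside) host 192.0.2.10
!
! Group policy for this profile, limited to a single concurrent login
group-policy john internal
group-policy john attributes
 vpn-simultaneous-logins 1
!
! Connection profile: authenticates against RSA, hands out the one-address pool
tunnel-group john type remote-access
tunnel-group john general-attributes
 address-pool VPNPool
 authentication-server-group RSA
 default-group-policy john
tunnel-group john ipsec-attributes
 pre-shared-key <placeholder-group-key>
```

The address follows the connection profile, not the person: any ACL entry written for 192.0.2.50 applies to whoever authenticates through this profile.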
09-30-2010 05:47 AM
Hi Federico,
Yes, this is the way I have many groups configured now. Certain profiles getting different IP pools. I was looking for a different way to avoid creating a profile for each user requiring a static IP in order to add to ACLs.
Would there be any way to have a profile use an internal Windows DHCP Server where the computer would have a reservation?