Remote access IPSec VPN with RADIUS authentication

Unanswered Question
Aug 29th, 2003
User Badges:


I have a scenario of IPSec VPN Client establishing IPSec VPN sessions with a PIX Firewall authenticating the clients with a RADIUS server. I tried doing this with a local IP address pool configured in the PIX, assigning IP addresses for the clients. It worked. Can I have a client getting authenticated from a RADIUS server and getting an IP assigned to it from the RADIUS server ? With this I can account the accessibilty of the users and restrict access internally based on the IP address.

All these I can do if I can tie an IP address to an user ID in the RADIUS server. Above all it should workin this IPSec VPN setup. ?

Is there anybody who had some experience on these kind of setup ?

Pls reply.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
gfullage Fri, 08/29/2003 - 19:29
User Badges:
  • Cisco Employee,

No, you can't assign an IP address from the Radius server, only from a local pool. This feature has been discussed and will probably appear in a later PIX release, but for the moment there's no way around it and no way to tie a specific IP address to a specific VPN user. Sorry.

Once an IP address from the address pool on a 3000 VPN Concentrator has been given out to the remote user, how do you know what that address is from lookin in the syslog. In other words, what setting in the Configuration > System > Events > Classes is needed to see that IP? I can get the users ISP address in syslog, but can't figure out how to match the user to the IP handed out by the address pool.


This Discussion