Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

AAA static IP address for RA VPN Client

Hi,

my vpn group and VPN POOL  is locally created in Cisco VPN router but users are authenticated through ACS, AAA server via TACACS. Now I want to assign the static ip address to VPN Client. Everything is fine but due to the application problem I want to give them the static Ip address from the VPN Pool. I have greated one pool in AAA server and also configure the client in AAA to get the static ip address but unable to do this. Please help me out how to do this.

My router is configured for TACACS+. I have checked the user configuration in AAA server to get the static ip address but it is not working. Please help me out how to do this. I cant change Router to Radius but this is my main router which is configured for 160 sites through ISDN and these sites also configured for TACACS+.

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2 
!        
crypto isakmp client configuration group Aviation-VPN
key egntosc
pool aviation-pool
acl avi-tunnel
save-password
netmask 255.255.255.0
crypto isakmp profile vpnclient
   match identity group Aviation-VPN
   client authentication list default
   isakmp authorization list Aviation-authorization
   client configuration address respond
!        
!        
crypto ipsec transform-set aviset esp-3des esp-sha-hmac
!        
crypto dynamic-map avi 10
set transform-set aviset
set isakmp-profile vpnclient
reverse-route

  • AAA Identity and NAC
3 REPLIES
New Member

Re: AAA static IP address for RA VPN Client

Since you're using ACS, I believe the way to do this is to

go into ACS, and select the username of the user that you want

to get the static IP. Under that user's setup, there is an option to

always assign the same IP. Just select that and enter the IP you

want them to get. - chris

New Member

Re: AAA static IP address for RA VPN Client

same not working, fourm if any other workarround ,????

Re: AAA static IP address for RA VPN Client

The ACS can assign a static IP to the RA VPN client.

Do you have the ''IP Pools'' and ''Per-user TACACS+/RADIUS Atributes'' selected under Interface Configuration | Advanced Options from the ACS?

Federico.

899
Views
0
Helpful
3
Replies