Cisco Support Community
New Member

Assign Static IP to VPN clients authenticated on AAA server

Hi NetPros

My objective is to assign static IP addresses to VPN clients.

The tunnel group authentication is on an AAA LDAP server.

AAA LDAP queries have been configured and tested to work.

I followed the guide below, but could not get static IP assignment to work.

The tunnel group is configured to use the DHCP pool and the Group policy on ASA.

- If I do not specify a DHCP pool, the error message is: "no assigned address"

- If I configure a DHCP pool, the assigned address will be from the pool

Here are my queries on assigning a static IP for aaa-users:

1. Do you need to configure an external policy server for static IP assignment to work?

- I prefer to use the group policy on the ASA

2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do I specify?

3. Does the DHCP service need to be running on the LDAP server?

4. As per printscreen below, is Remote Access Policy required?

5. What am I missing out to make static IP assignment work?

Big thanks

New Member

Re: Assign Static IP to VPN clients authenticated on AAA server

Hi all

Thanks to friends working in Cisco, they have helped to identify the root cause.

The root cause was a misprint in the Cisco document.

The correct LDAP attribute is: msRASSavedFramedIPAddress. Note the additional 'd' after the word 'Frame'.

In fact, this LDAP attribute was also lacking a 'd' in the ASDM scroll-down selection. I would appreciate it if someone could relay the mistake to Cisco personnel. Thanks all.
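
The attribute name from the reply above, placed in an ASA LDAP attribute map, as an added example that is not part of the original posts or of Cisco's documentation. The map name, server group name, interface name and host address are placeholders chosen for illustration.

```cisco
! Added example. STATIC-IP-MAP, LDAP-SRV, "inside" and 192.0.2.10 are
! placeholders, not values from the thread.
!
! Map the directory attribute that holds the user's static address to the
! attribute the ASA uses for per-user address assignment.
ldap attribute-map STATIC-IP-MAP
 ! Misprinted form described in the thread (missing 'd'). It matches no
 ! attribute returned by the directory, so no per-user address is applied:
 !   map-name msRASSavedFrameIPAddress IETF-Radius-Framed-IP-Address
 !
 ! Corrected form:
 map-name msRASSavedFramedIPAddress IETF-Radius-Framed-IP-Address
!
! Attach the map to the LDAP server used by the tunnel group.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map STATIC-IP-MAP
!
! Allow addresses returned by the AAA server to be assigned to clients.
vpn-addr-assign aaa
```

Because an attribute map is a plain string match, a misspelled name produces no error at configuration time; `debug ldap 255` during a test login shows which attributes the server returned and whether the mapping was applied.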