Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

VPN concentrator and reverse ip address based on MAC address

i have not configured VPN before, we have got Cisco VPN concentrator 3000 at work , it is working fine.

I have got mobile PC (with Cisco PC client ) that is looking to access its correspondent server in the DMZ area ( at work 's network, through VPN concentrator.

How can i reserver an internal ip for that mobile PC based om its MAC address,,,the reason I am doing that to reserve the specific private ip address for that mobile PC

We use safeword Token for authentication

How can I configure that on VPN ?

On PIX, I have got no problem to configure ACL from inside to DMZ.

New Member

Re: VPN concentrator and reverse ip address based on MAC address

Sorry for the thread title it should be : "reserver" not reverse.

I have been advised to read the "admin guide"

under the heading below

Assign a Specific IP Address to a User


In order to assign a static IP address for the remote VPN user every time they connect to the VPN 3000 Series Concentrator, choose: Configuration > User Management > Users > Modify ipsecuser2 > identity.

My question i am using production box (to avoid screw up whole system), does it affect if i want to create a specific group and assign specific ip address to a user

On my PIX (VPN running paralled to the PIX, i.e it is not behind nor inforn of the PIX) what I have got these lines of configurations which are related to the VPN concentrator

nat (inside) 1 0 0,,,,,,,,ip for VPN pool as seen in figure

nat (inside) 1 0 0,,,,,,,,,not related to VPN

nat (inside) 1 0 0,,,,,,,,,not related to VPN

global (outside) 1

global (outside) 1

route inside 1,,,,,,,,,,,,,, is the VPN Ethernet 1 ip address.

What I am thinking to do, are below (please any comment) :

1- I want to modify the current group (see my VPN figure ) to be from range instead of

2- Create another group called : " mobile_users "

3- Create a user called : " commuter "

4- Assign the user " commuter " to the group " mobile_user "

5- Assign ip address 10..2.2.2 to the user " commuter "

6- In the cisco site that I have posted , it syas: tick option for " User address from Authentication Server ",,,,I do not think this will apply to me ?

again since I am using production box, I have to assure that the modification above does not screw up the whole system

New Member

Re: VPN concentrator and reverse ip address based on MAC address

Any comment ? Thanks

CreatePlease to create content