Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

VPN concentrator and reverse ip address based on MAC address

i have not configured VPN before, we have got Cisco VPN concentrator 3000 at work , it is working fine.

I have got mobile PC (with Cisco PC client ) that is looking to access its correspondent server in the DMZ area (192.168.101.204) at work 's network, through VPN concentrator.

How can i reserver an internal ip for that mobile PC based om its MAC address,,,the reason I am doing that to reserve the specific private ip address for that mobile PC

We use safeword Token for authentication

How can I configure that on VPN ?

On PIX, I have got no problem to configure ACL from inside to DMZ.

2 REPLIES
New Member

Re: VPN concentrator and reverse ip address based on MAC address

Sorry for the thread title it should be : "reserver" not reverse.

I have been advised to read the "admin guide"

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

under the heading below

Assign a Specific IP Address to a User

----------------------------------------

In order to assign a static IP address for the remote VPN user every time they connect to the VPN 3000 Series Concentrator, choose: Configuration > User Management > Users > Modify ipsecuser2 > identity.

My question i am using production box (to avoid screw up whole system), does it affect if i want to create a specific group and assign specific ip address to a user

On my PIX (VPN running paralled to the PIX, i.e it is not behind nor inforn of the PIX) what I have got these lines of configurations which are related to the VPN concentrator

nat (inside) 1 10.2.2.0 255.255.255.0 0 0,,,,,,,,ip for VPN pool as seen in figure

nat (inside) 1 172.168.1.0 255.255.255.0 0 0,,,,,,,,,not related to VPN

nat (inside) 1 192.168.0.0 255.255.0.0 0 0,,,,,,,,,not related to VPN

global (outside) 1 10.1.1.150-10.1.1.155

global (outside) 1 10.1.1.156

route inside 10.2.2.0 255.255.255.0 192.168.55.254 1,,,,,,,,,,,,,192.168.55.254, is the VPN Ethernet 1 ip address.

http://img204.imageshack.us/img204/7306/vpnpooleu1.jpg

What I am thinking to do, are below (please any comment) :

1- I want to modify the current group (see my VPN figure ) to be from range 10.2.2.1-10.2.2.9 instead of 10.2.2.1-10.2.2.10

2- Create another group called : " mobile_users "

3- Create a user called : " commuter "

4- Assign the user " commuter " to the group " mobile_user "

5- Assign ip address 10..2.2.2 to the user " commuter "

6- In the cisco site that I have posted , it syas: tick option for " User address from Authentication Server ",,,,I do not think this will apply to me ?

again since I am using production box, I have to assure that the modification above does not screw up the whole system

New Member

Re: VPN concentrator and reverse ip address based on MAC address

Any comment ? Thanks

291
Views
0
Helpful
2
Replies
CreatePlease to create content