Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA static ip address per user

Need to know if their is a way to configure the following on the ASA.

We have 60 users login via VPN through ASA and authenticated via Radius server.

So we need, 60 users configured with each allocated a static ip address.

For example;

60 User - 60 Static Ip address

User 1 - 10.10.10.1

User 2 - 10.10.10.2

-

-

-

User 60 - 10.10.10.60

At present we can do this by creating a object-group per user but this is not scalable, therefore if their is a efficient way of doing this.

5 REPLIES
New Member

Re: ASA static ip address per user

To use DHCP to assign addresses for VPN clients, you must first configure a DHCP server and the range of IP addresses that the DHCP server can use. Then you define the DHCP server on a tunnel group basis. Optionally, you can also define a DHCP network scope in the group policy associated with the tunnel group or username. This is either an IP network number or IP Address that identifies to the DHCP server which pool of IP addresses to use.

Refer the url below for more information on configuring ip address in ASA:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/vpnadd.html#wp998941

Re: ASA static ip address per user

You can assign each user an IP address via the following:

> Locally for each user. (very hectic)

> Using AAA Server

> Using DHCP

Just make sure you set the appropriate option in the 'vpn-addr-assign' command.

Regards

Farrukh

Re: ASA static ip address per user

Hello Nishit,

I encountered this in past and best solution is installing IAS (Windows Radius) to a Domain Controller (If you want to grab user information from Active Driectory), or to a standalone computer to grab user information locally from computer. In user's dial-in tab, activate static IP and assign the Ip address to user. Set the authentication-server-group in related tunnel-group in firewall

Regards

New Member

Re: ASA static ip address per user

Is this IAS free to download or do we have to purchase it. Can it be configured on the existing Radius serve.

Re: ASA static ip address per user

It is free, built-in to windows 2003 server. I dont know what do you have currently as a Radius service, but win2003's RADIUS is called IAS. (Internet Authentication Server) Here is how to install

http://technet.microsoft.com/en-us/library/cc781690.aspx

here is the configuration

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Feel free to ask during implemention

564
Views
0
Helpful
5
Replies