Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

PIX/IOS VPN with RADIUS-assigned client IP address

We have a VPN Concentrator which is configured to authenticate against a

CiscoSecure ACS server. Certain users are assigned static IP addresses, as

defined in CSACS, as this works seamlessly for Cisco VPN 3.x users or direct dial-up users (who log in to a NAS which authenticates against the same CSACS database).

There is a requirement to use a PIX (or an IOS FW+VPN) in another part of our network (The IOS router will require 12.2(8)T to support the Cisco VPN 3.x client). Will the PIX/IOS router recognise the static IP addresses, as defined in CSACS, and issue them to clients, or are client IP addresses always allocated from the pool defined locally on the PIX/IOS router?

3 REPLIES
Cisco Employee

Re: PIX/IOS VPN with RADIUS-assigned client IP address

I just tested this on a router, and I believe the PIX will work the same way.

If you send down a static IP address from the ACS server, it overrides the local pool defined on the router, and the user gets assigned that static IP address. So do it just the same as how you've done it for the VPN3000 users and you should be fine.

New Member

Re: PIX/IOS VPN with RADIUS-assigned client IP address

I couldn't get it to work with the router IOS 12.2.8T. The address was always assigned out of the pool defined in the router. Could you help providing some specific details?

Thanks

Cisco Employee

Re: PIX/IOS VPN with RADIUS-assigned client IP address

Actually I must apologize for this. What I tested initially was PPP connections to the router, not VPN. What I originally said still stands for PPP connections but not for VPN. With VPN connections the IP address must be assigned out of a local pool. In fact if you don't configure one on the router the VPN client won't connect at all.

Again, my apologies for misreading your original question.

186
Views
0
Helpful
3
Replies
CreatePlease to create content