cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
613
Views
0
Helpful
3
Replies

Static IP via VPN

delawarecity
Level 1
Level 1

I have a question about giving a static IP to VPN clients. I have 11 laptops that will connect via a VPN (Cisco or Microsoft PPTP) to a Cisco ASA 5510. For business reasons, I need each laptop to be assigned the same IP everytime it logs in. What would be the best way to accomplish this task?

1 Accepted Solution

Accepted Solutions

mfreijser
Level 1
Level 1

This is certainly possible, but it does require you to add an ipaddress to every username in the configuration. The ASA looks at the username entered by the remote user, and checks if it has an ipaddress configured with it's username.

You can find the configuration option in the ASDM here: Configuration -> VPN -> General -> Users. Edit a user and go to the VPN Policy tab, you will find the 'Dedicated IP Address' option at the bottom of the page.

If you want to configure this via console/telnet/ssh: go to configuration mode and type the following:

username attributes

vpn-framed-ip-address

Make sure that the subnet matches the subnet of your already configured ip pool! If you use 192.168.10.0/24 as you ip pool, your configuration should look like this:

username testuser attributes

vpn-framed-ip-address 192.168.10.1 255.255.255.0

The address 192.168.10.1 should now always be assigned to user 'testuser'

Hope this post helps, please rate if it does!

Regards,

Michael

View solution in original post

3 Replies 3

mfreijser
Level 1
Level 1

This is certainly possible, but it does require you to add an ipaddress to every username in the configuration. The ASA looks at the username entered by the remote user, and checks if it has an ipaddress configured with it's username.

You can find the configuration option in the ASDM here: Configuration -> VPN -> General -> Users. Edit a user and go to the VPN Policy tab, you will find the 'Dedicated IP Address' option at the bottom of the page.

If you want to configure this via console/telnet/ssh: go to configuration mode and type the following:

username attributes

vpn-framed-ip-address

Make sure that the subnet matches the subnet of your already configured ip pool! If you use 192.168.10.0/24 as you ip pool, your configuration should look like this:

username testuser attributes

vpn-framed-ip-address 192.168.10.1 255.255.255.0

The address 192.168.10.1 should now always be assigned to user 'testuser'

Hope this post helps, please rate if it does!

Regards,

Michael

Thanks for your response. I currently have a Radius server (built in Windows) to Authenticate VPN users. Is there a way to do this per user with this setup or would I be better off having two VPN groups, one for the static IP Laptops with Local Auth and the rest of the remote users still authenticating via Radius?

That sure is the easiest way to do it, i would not know how you could assign a static ip with a Windows RADIUS server.

Please rate if the post helps!

Regards,

Michael

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: