Cisco Support Community
New Member

VPN IP address assignment

I'm currently using an ASA 5520 running 7.2 for my VPN. We have it configured to verify the machine certificate and then pass user authentication to a Microsoft IAS. It works fine, but everyone currently gets an IP from the same pool of addresses on my DHCP server.

If possible I would like to be able to separate certain Active Directory groups and have them be on different subnets.

Does anyone know how to configure IAS to do the address assignment or is it possible with configuration on the ASA?

New Member

Re: VPN IP address assignment

I don't know if/how your request can be done to a Microsoft IAS, but I have been able to successfully configure Cisco's ACS 4.0 RADIUS server to tie into Windows 2003 AD, and based on User group settings on the ACS server, authenticate and allocate DHCP addresses from different pools.

This provides us the flexibility to have a centralized Windows authentication method, and a corresponding DHCP pool for each of the equivalent AD groups that are set up on the RADIUS server.

Now if I could just get the ACS "Downloadable ACLs" to apply to authenticated users I'd be one happy Cisco user!

Hope this helps.

