I've a Pix515 ver 7.05 with a vpn client access.
I would to assign the address pool by a radius server. I've tried to confidure on my radius profile the following attribute
and on pix I've configured
ip local pool miopool 192.168.10.1 - 192.168.10.20
But this configuration doesn't work
The radius sends the attribute to pix but the pix ignores it and assigns to user the pool configured on the tunnel-group's definition.
What have i forget ?
Can you help me?
thank in advance
Thanks for your suggestion, but
the command vpn-addr-assign aaa is the default
The pix seems to ignore the attribute because interprets it as an acl
The error is the following
User: 'pix', Unsupported downloaded ACL Entry: 'ip:addr-pool=mio-pool', Action: 'Ignoring'
It seems a syntax error.
Have you tried this instead? (IPSEC instead of IP)?
Have a look at this:
I've tried to modify the radius attribute from IP to Ipsec but in this case the pix doesn't show any error message, it ignores the attribute.
....... I've tried to upgrade the pix's release from 7.0(7) to 7.2(4) but the behaviour is the same. It doesn't work ;)
the last update..... I've inserted in the radius on user's profile the "class" attribute with the name of group-policy.
In this way any users have one different group-policy with address-pool and split-acl.
This is the only solution that seems to work fine with the pix.
Thank you for all your replies and suggestions
Yes, I put the command, the "vpn-addr-assign aaa is default configuration and pix doesn't insert it in the running-config.
Thanks for all