Cisco Support Community

ASA IPSec - AAA - Active Directory

Hello,

Here is my plan:

* IPSec VPN Service on ASA

* Authentication using ACS 4.2 (already used for Wireless authentication (WLC))

* Users on ACS are dynamically mapped users from Active Directory

Groups on ACS are assigned to different subnets for VPN access through the use of:

- Tunnel-Group-Lock RADIUS attribute (I could have chosen to use RADIUS attribute 25 Class as well).

So far so good.

The unknown part of the project:

Users will certainly ask me to make an IP reservation for their VPN access. I searched for a long time and found this procedure:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html

"Enforcing Static IP Address Assignment for AnyConnect Tunnels", which is valid for IPSec clients, so I was wondering if someone has already implemented that solution.

What I fear is interference between the Wireless authentication part and the VPN one.

Regards.
