Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
16
Helpful
7
Replies

Can a VPN client have a static address, or be assigned a specific ip address?

John Peterson
Level 1
Level 1

‎03-12-2012 04:34 AM

Hi, I have a user VPN going to a asa, but I would like two of the machines based on mac address to be assigned a particular ip address from the ip pool or is it possible to have them have a static ip address.

Is this possible?

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
7 Replies 7

andrew.prince
Level 10
Level 10

‎03-12-2012 08:37 AM

I have done this in the past, I just created a specific address pool - containing 1 address, and assigned it to a specific VPN profile.  At a later time  I implemented a Microsoft DHCP server - that way I could assign a specific IP attached to a specific MAC address.

HTH>

John Peterson
Level 1
Level 1
In response to andrew.prince

‎03-12-2012 08:55 AM

Thanks, I only have 2 users. It is not possible to create a local dhcp server on the asa, to give out ip address based on the mac. Which of possible is configured on the asa?

Sent from Cisco Technical Support iPhone App

0 Helpful

andrew.prince
Level 10
Level 10
In response to John Peterson

‎03-12-2012 09:00 AM

No it is not possible to tie and IP address from a DHCP pool to a remote client MAC address on an ASA - AFAIK.

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-12-2012 10:35 AM

Hello John,

By IP address is not possible, you can do it based on the user-name:

username test password test

username test attributes

vpn-framed-ip-address 192.168.12.1 255.255.255.0

Hope this helps,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

John Peterson
Level 1
Level 1
In response to Julio Carvajal

‎03-12-2012 12:24 PM

Thanks,

I guess from your reply, the asa is not able to give out ip address based on mac address to remote clients?

I would like the VPN user to able to communicate by their remote ip address, would I just enter the command same-security-permit intra-interface?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to John Peterson

‎03-12-2012 12:52 PM

Hello John,

Why do you mean their remote ip address, Do you want him to use his own public ip address?

If you want to allow the remote client to access any other resource outside the asa: yes you need the same-security

Regards

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

John Peterson
Level 1
Level 1
In response to Julio Carvajal

‎03-12-2012 12:59 PM

Hi,

Remote IP as in their remote private ip address which is assigned by the asa ip pool.

Thanks

0 Helpful
Customers Also Viewed These Support Documents