Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC ON CISCO ASA 5540

Hello,

I have a general query. We have a Cisco ASA 5540 which we plan to use a IPSec VPN concentrator for clients. We are looking at an option where remote users would be authenticated using an external server and for each userid a host IP will be binded statically. Once authentication succeeds the host IP must be thrown to the end client PC. The resources behind the ASA would be accessed using this IP.

This might sound generic, but can people give some options on how this can be acheived.

NOTE - Each userid must be binded to a static host IP.

1 REPLY
Super Bronze

Re: IPSEC ON CISCO ASA 5540

Yes, you can assign each user with static ip address.

There are the following options to assign ip address to VPN users:

1) IP Pool - dynamic assignment

2) Local ASA user database - static ip address assignment via the "vpn-framed-ip-address" command

3) Via DHCP server - to be enabled via "vpn-addr-assign dhcp" command

4) Via AAA server - to be enabled via "vpn-addr-assign aaa" command

Here are the sample configuration for option 2 and 3 above:

Option 2:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

Option 3:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml

For Option 4 which is what you are trying to achieve, you can configure it as long as the external AAA server supports ip address assignment.

Hope that helps.

458
Views
0
Helpful
1
Replies