
IPSEC ON CISCO ASA 5540

netops044
Level 1

Hello,

I have a general query. We have a Cisco ASA 5540 which we plan to use as an IPSec VPN concentrator for clients. We are looking at an option where remote users would be authenticated using an external server and for each userid a host IP will be bound statically. Once authentication succeeds the host IP must be thrown to the end client PC. The resources behind the ASA would be accessed using this IP.

This might sound generic, but can people give some options on how this can be achieved?

NOTE - Each userid must be bound to a static host IP.

1 Reply

Jennifer Halim
Cisco Employee

Yes, you can assign each user a static IP address.

The following options are available to assign an IP address to VPN users:

1) IP Pool - dynamic assignment

2) Local ASA user database - static ip address assignment via the "vpn-framed-ip-address" command

3) Via DHCP server - to be enabled via "vpn-addr-assign dhcp" command

4) Via AAA server - to be enabled via "vpn-addr-assign aaa" command

Here are the sample configurations for options 2 and 3 above:

Option 2:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

Option 3:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml

For Option 4, which is what you are trying to achieve, you can configure it as long as the external AAA server supports IP address assignment.

Hope that helps.
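
Added example, not part of the reply above and not Cisco's own sample: a sketch of the address-assignment and AAA portion of an ASA configuration for option 4, with the option 2 form beside it for comparison. It assumes ASA 8.x syntax, a RADIUS server that returns the IETF Framed-IP-Address attribute per user, and placeholder names, addresses and secrets (VPN_RADIUS, RA_VPN, alice, 192.0.2.10, 10.10.10.5); the IKE policy, transform set and crypto map are omitted.

```text
! Constructed example: all names, addresses and secrets are placeholders.
!
! Accept a client address only from the AAA server. With the DHCP and
! local-pool methods turned off, a user whose account has no bound address
! gets no address at all instead of silently drawing one from a pool.
vpn-addr-assign aaa
no vpn-addr-assign dhcp
no vpn-addr-assign local
!
! External RADIUS server: authenticates the user and returns the per-user
! address in its Access-Accept (IETF attribute 8, Framed-IP-Address).
aaa-server VPN_RADIUS protocol radius
aaa-server VPN_RADIUS (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Remote-access tunnel group that sends user authentication to that server.
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group VPN_RADIUS
tunnel-group RA_VPN ipsec-attributes
 pre-shared-key <group-pre-shared-key>
!
! Option 2 for comparison: the same one-user-one-address binding kept in
! the local ASA user database instead of on the external server.
username alice password <password>
username alice attributes
 vpn-framed-ip-address 10.10.10.5 255.255.255.0
```

Because each userid maps to one fixed address, access lists and logs for resources behind the ASA can be written per user against that address.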