Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ldap users RA vpn static ip's

I would like to setup some remote access IPSec vpn users who authenticate via ldap with static ip's when they initiate their tunnel.  Is this possible?  I have this setup on an ASA with 8.0 code.


Re: ldap users RA vpn static ip's

authentication via ldap for RA vpn is a well know implemention scenario.

The following example show you how to configure LDAP server on ASA for vpn authentication. The example is for webvpn but ldap part is applied to IPSec vpn as well.

Not sure what do you mean "static IP" here.

In RA vpn, ASA should assign a IP to the client. You can assign this IP via DHCP, local ip pool etc.

New Member

Re: ldap users RA vpn static ip's

Sorry I should clarify I already have LDAP setup for authentication but I have a need for a few vpn users who authenticate to get the same ip each time.  This can be from the dhcp pool I've setup.  I need to know if this possible to do and if so how to go about setting it up?  Thanks!

Re: ldap users RA vpn static ip's

In this case, I think you can configure your ldap server to return an attribute with assigned IP address (such as msRADIUSFramedIPAddress), then on ASA, you need do ldap-attribute-map to map the above attribute to "IETF-Radius-Framed-IP-Address" so that ASA could understand it and assign this address to vpn client.