Cisco Support Community
New Member

VPN 3020 - DHCP Relay and Reservations

Hi All


I have a VPN Concentrator 3020 in my structure and I'm configuring IP address assignment by an external DHCP server.

There is no problem with that: the client authenticates and then receives its IP address.

The problem is that I need to configure reservations on the DHCP server. The question is: which MAC address do we have to use for the reservation?

I saw on the server that the MAC address of the DHCP request is something like 0003a08a5308020e7f28f4e9a82000, that is, the MAC address of the external interface of the VPN Concentrator plus many other characters that don't seem to be related to the client or any other component in the network, and that change every time we connect.

I think I can't assign the IP address statically on the Concentrator or the ACS, because the users authenticate on the VPN Concentrator through MS Active Directory, so they don't really exist on these devices.


Does anyone know how I can make this work?

Thanks a lot

Marco

Accepted Solutions
Cisco Employee

Re: VPN 3020 - DHCP Relay and Reservations

You can't do that with an IP address assigned from a DHCP server.

You can configure an LDAP server to assign an individual IP address depending on which user authenticates for VPN client access.

You will need to configure the LDAP server for authorization in the VPN Concentrator, as well as enable "Use Address from Authentication Server" for the IP address assignment.

3 REPLIES
Cisco Employee

Re: VPN 3020 - DHCP Relay and Reservations

Yes, you can configure an IP pool on the VPN Concentrator per group, and the IP address can be assigned from the IP pool on the VPN Concentrator to the VPN Client user.

To configure an IP pool per group:

Configuration --> User Management --> Groups --> click on the specific VPN group for which you would like to configure the IP pool --> on the right-hand side: click on Address Pools --> Add new ip pool.

To configure an IP pool for all groups:

Configuration --> System --> Address Management --> Pools --> Add ip pool

To use the local IP pool from the VPN Concentrator, you would need to enable it:

Configuration --> System --> Address Management --> Assignment --> enable "Use Address Pools"

Hope that helps.

New Member

Re: VPN 3020 - DHCP Relay and Reservations

Hi Halijenn

Thanks for your answer, but my problem is that I need to make individual IP reservations for users of the same group.
