Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Client Address Pool Problem

Hi every one.we have an ASA5520 in our HQ office which users connect to it via remote access vpn with cisco vpn client.i have problem to assigning ip address to users when they connect to ASA.i have configured a Pool for users.also i want to assign specific ip address from pool to speciffic users so i have configured usernames with attributes.

ip local pool mask

group-policy nins internal

group-policy nina attributes

vpn-tunnel-protocol IPSec

split-tunnel-policy excludespecified

split-tunnel-network-list value split

username user1 password P4tt33SV8TYp encrypted privilege 0

username user1 attributes

vpn-group-policy nina


this configuration was ok and users get ip address that is configured on user attribute but after i have configured some users with asdm,asdm added some default configuration such as

dynamic-access-policy-record DfltAccessPolicy

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec

and now when a user tries to connect it doesnt get ip address configured on user attribute insted asa gives a random ip address from how can i fix this problem?

i think may be the default DfltGrpPolicy and "dynamic-access-policy-record DfltAccessPolicy" couse this problem?thanks.


Re: VPN Client Address Pool Problem

I believe the DAP record referencing the DfltAccessPolicy is overriding the use of the tunnel group and group policy to bind the user attributes.

CreatePlease to create content