Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Client Address Pool Problem

Hi every one.we have an ASA5520 in our HQ office which users connect to it via remote access vpn with cisco vpn client.i have problem to assigning ip address to users when they connect to ASA.i have configured a Pool for users.also i want to assign specific ip address from pool to speciffic users so i have configured usernames with attributes.

ip local pool 192.168.10.1-192.168.10.254 mask 255.255.255.0

group-policy nins internal

group-policy nina attributes

vpn-tunnel-protocol IPSec

split-tunnel-policy excludespecified

split-tunnel-network-list value split

username user1 password P4tt33SV8TYp encrypted privilege 0

username user1 attributes

vpn-group-policy nina

vpn-framed-ip-address 192.168.10.2 255.255.255.0

this configuration was ok and users get ip address that is configured on user attribute but after i have configured some users with asdm,asdm added some default configuration such as

dynamic-access-policy-record DfltAccessPolicy

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec

and now when a user tries to connect it doesnt get ip address configured on user attribute insted asa gives a random ip address from pool.so how can i fix this problem?

i think may be the default DfltGrpPolicy and "dynamic-access-policy-record DfltAccessPolicy" couse this problem?thanks.

1 REPLY
Bronze

Re: VPN Client Address Pool Problem

I believe the DAP record referencing the DfltAccessPolicy is overriding the use of the tunnel group and group policy to bind the user attributes.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml#t3

230
Views
0
Helpful
1
Replies
CreatePlease to create content