Anyconnect Static IP on Router

Hello,

How can I assign a static IP to a user logged in on a Cisco 2921 by AnyConnect?

Best regards

1 Accepted Solution

balaji.bandi
Hall of Fame

Set up a general AnyConnect client dealing with a public IP address - based on the group, that IP will be provided.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi
Hall of Fame

Do you have any RADIUS in place, or are users locally created?

Can you post the config?

BB

I have only local users on the router.

BR

balaji.bandi
Hall of Fame

Follow the guide below and make a different profile for each user to get a static IP on the router - hope that helps you:

https://community.cisco.com/t5/security-documents/how-to-assign-static-ip-addresses-to-vpn-clients/ta-p/3124060

BB

This is nice for VPN Client and a good idea, but how can I implement this in AnyConnect?

It looks like this config:

webvpn gateway SSLVPN_GATEWAY
 ip address 172.30.1.2 port 443
 http-redirect port 80
 ssl trustpoint SSLVPN_CERT
 logging enable
 inservice
!
webvpn context SSL_Context
 virtual-template 1
 aaa authentication list SSLVPN_AAA
 gateway SSLVPN_GATEWAY
 !
 ssl authenticate verify all
 inservice
 !
 policy group SSL_Policy
  functions svc-enabled
  svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
  svc split include acl 10
  svc dns-server primary 8.8.8.8
 default-group-policy SSL_Policy
!

 

BR

balaji.bandi
Hall of Fame

Set up a general AnyConnect client dealing with a public IP address - based on the group, that IP will be provided.

BB

So you mean for every user I should take a public IP? But I only had one IP on the WAN side.

BR

balaji.bandi
Hall of Fame

No, all of them dial in with the only IP address; based on the group and user you configured, that IP will be assigned. It is a bit of a manual task if you have a large user base, which is the reason RADIUS is a good candidate here.

BB

I think what you can do in this case would be to specify a domain for each user, create multiple pools with a /32 for each to define the private IP addresses you want to assign to each user, and then you need to associate the pools and domains under each respective context similar to this:

username user1@domain1 password xxxxxxx
username user2@domain2 password xxxxxxx

webvpn context SSL_Context_1
 policy group SSL_Policy_1
  svc address-pool "SSLVPN_POOL_1"
 aaa authentication domain @domain1
 gateway SSLVPN_GATEWAY domain domain1

webvpn context SSL_Context_2
 policy group SSL_Policy_2
  svc address-pool "SSLVPN_POOL_2"
 aaa authentication domain @domain2
 gateway SSLVPN_GATEWAY domain domain2

Users need to specify the domain they should connect to through the specific URL; for example, user1 would use https://<public ip>/domain1, user2 would use https://<public ip>/domain2, and so on.
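
The per-user layout described in the reply above can be generated from a user-to-address table, which also catches two users being handed the same address. This is an added example, not code from the thread: the user table, the 10.10.10.0/24 client subnet and the function names are assumptions, `ip local pool` with one address stands for the /32 pool, and only the per-user lines are emitted (the AAA list, virtual template and split ACL stay as in the existing context).

```python
import ipaddress
import re

# Constructed sample data (assumption): user -> fixed VPN address.
USERS = {"user1": "10.10.10.11", "user2": "10.10.10.12"}
CLIENT_NET = ipaddress.ip_network("10.10.10.0/24")  # assumed client subnet
GATEWAY = "SSLVPN_GATEWAY"  # gateway name taken from the thread
NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def validate(users, net=CLIENT_NET):
    """Reject bad names and any address that is unusable or assigned twice."""
    seen = {}
    for user, addr in users.items():
        if not NAME_RE.match(user):
            raise ValueError(f"unsafe user name: {user!r}")
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host in {net}")
        if ip in seen:
            raise ValueError(f"{addr} assigned to both {seen[ip]} and {user}")
        seen[ip] = user
    return True


def render(users):
    """Emit one pool, context and policy group per user, as in the reply."""
    validate(users)
    out = []
    for n, (user, addr) in enumerate(sorted(users.items()), start=1):
        dom = f"domain{n}"
        out += [
            f"username {user}@{dom} password xxxxxxx",  # placeholder, as in the thread
            f"ip local pool SSLVPN_POOL_{n} {addr} {addr}",  # one-address pool
            f"webvpn context SSL_Context_{n}",
            f" aaa authentication domain @{dom}",
            f" gateway {GATEWAY} domain {dom}",
            f" policy group SSL_Policy_{n}",
            "  functions svc-enabled",
            f'  svc address-pool "SSLVPN_POOL_{n}"',
            f" default-group-policy SSL_Policy_{n}",
            " inservice",
            "!",
        ]
    return "\n".join(out)


if __name__ == "__main__":
    print(render(USERS))
```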
