Can you use more attributes to assign a Framed IP to Cisco ISE and ASA?

jewfcb001
Level 4

Hi all,

The configuration on Active Directory can assign a framed IP address to Cisco ISE for VPN connections.

But if I need more framed IP addresses per user, can I assign another attribute aside from msRADIUSFramedIPAddress? Please suggest.

[Attached image: jewfcb001_1-1672121746708.png]

1 Accepted Solution

@Rob Ingram

I tried to find the information and found the link answered by you. It's the same requirement.

Thank you so much.

https://community.cisco.com/t5/network-access-control/anyconnect-user-static-ip/td-p/4270585

15 Replies

@jewfcb001 well you can use dynamic variables on ISE to query an AD attribute, which could contain an IP address.

Example of dynamic variables - https://integratingit.wordpress.com/2018/12/01/ise-dynamic-variables-from-ad/

What is your scenario, why is msRADIUSFramedIPAddress not enough?


@Rob Ingram 

Thank you for the reply.

I understand your point. But my scenario is that the customer needs more than one fixed IP address from AD.

As in your link, can I use another attribute to map an IP address for the VPN connection or not?

@jewfcb001 yes.

You can also apply custom user and endpoint attributes, example: https://www.youtube.com/watch?v=nCD7LiX-XZU&t=301s

Then use Radius > Framed-IP-Address--[8] in the authorisation rule and reference the custom attribute (that has the static IP).

@Rob Ingram 

Thank you for the information. I understand that Cisco ISE can hold custom attributes for a user, but right now all users are handled by Active Directory. I understand AD can send an IP via msRADIUSFramedIPAddress, but I need more than 1 fixed IP for the client from AD. Please suggest.

@jewfcb001 why do you need to assign more than 1 IP address to the AnyConnect client? I don't see how that will work or why you need to do that, unless you want to apply an IPv4 and an IPv6 address to the same user?

Why don't you explain your scenario a bit better so we can understand why.

@Rob Ingram 

Because, as in the picture below: if the client connects to FW Site A, the user will get a fixed IP address for FW Site A from AD; if the client connects to FW Site B, the user will get a fixed IP address from AD for FW Site B. That's the requirement from the customer. They also need 2FA from Azure AD.

[Attached image: jewfcb001_1-1672234880164.png]

@jewfcb001 ok, that makes things clearer.

Define 2 authorisation rules in ISE: use the NAS IP address of FW A on one rule and the IP address of FW B on the other rule, to distinguish between the connections depending on which firewall the user connects to.

For the FW A authorisation rule, set the "Radius > Framed-IP-Address--[8]" to equal an AD attribute such as msRADIUSFramedIPAddress, or create a custom attribute, which holds the static IP address for FW A.

For the FW B authorisation rule, set the "Radius > Framed-IP-Address--[8]" to equal a different AD attribute, such as Pager or telephone, or create a custom attribute, which holds the static IP address for FW B.

Use the same logic as per the guide provided above - https://integratingit.wordpress.com/2018/12/01/ise-dynamic-variables-from-ad/

Therefore the user will receive a different static IP address depending on which FW they connect to.
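The two-rule design above, modelled as an added Python example that is not part of this thread or of any Cisco product: each rule matches on the NAS-IP-Address of one ASA and names the AD attribute that supplies Framed-IP-Address (RADIUS attribute 8). The firewall addresses, the user's AD values and the rule names are constructed placeholders. Two details a practitioner hits in practice are covered: AD stores msRADIUSFramedIPAddress as a 32-bit integer rather than dotted text, and a repurposed attribute such as Pager may hold something that is not an IP at all, in which case the rule should fall back to pool assignment rather than push a bad address to the client.

```python
import ipaddress
import struct

# Constructed NAS-IP-Address values for the two ASAs (placeholders, not real devices).
FW_A_NAS_IP = "192.0.2.1"
FW_B_NAS_IP = "192.0.2.2"

# Constructed AD record for one user. msRADIUSFramedIPAddress is an Integer-syntax
# attribute in AD, so it is shown as a 32-bit number (10.1.1.50 == 167838002);
# "pager" is the repurposed text attribute holding the FW B address.
USER_AD_ATTRS = {
    "msRADIUSFramedIPAddress": 167838002,
    "pager": "10.2.2.50",
}

# The two ISE authorisation rules from the post, as data: condition on NAS-IP-Address,
# result names which AD attribute feeds Framed-IP-Address. Rule names are hypothetical.
AUTHZ_RULES = [
    {"name": "VPN-FW-A", "nas_ip": FW_A_NAS_IP, "ad_attr": "msRADIUSFramedIPAddress"},
    {"name": "VPN-FW-B", "nas_ip": FW_B_NAS_IP, "ad_attr": "pager"},
]

RADIUS_FRAMED_IP_ADDRESS = 8  # RFC 2865 attribute type


def _to_ipv4(value):
    """Normalise an AD attribute value to an IPv4Address, or None if unusable.
    Integers are treated as AD's signed 32-bit encoding; strings must be dotted quads."""
    if value is None:
        return None
    if isinstance(value, int) and not isinstance(value, bool):
        return ipaddress.IPv4Address(value & 0xFFFFFFFF)
    try:
        return ipaddress.IPv4Address(str(value).strip())
    except ValueError:
        return None


def select_framed_ip(nas_ip, ad_attrs, rules=AUTHZ_RULES):
    """Evaluate the rules top-down like ISE does. Returns (rule_name, IPv4Address)
    for the first rule whose NAS IP matches and whose AD attribute holds a sane
    unicast IPv4 address; returns None so the caller can fall back to the ASA pool."""
    for rule in rules:
        if rule["nas_ip"] != nas_ip:
            continue
        ip = _to_ipv4(ad_attrs.get(rule["ad_attr"]))
        if ip is None or ip.is_multicast or ip.is_loopback or ip.is_unspecified:
            return None  # matched rule but attribute is empty/garbage: do not push it
        return rule["name"], ip
    return None


def encode_framed_ip_avp(ip):
    """Framed-IP-Address AVP as it appears in Access-Accept: type 8, length 6, 4 octets."""
    return struct.pack("!BB4s", RADIUS_FRAMED_IP_ADDRESS, 6, ip.packed)


def decode_framed_ip_avp(avp):
    """Inverse of encode_framed_ip_avp; rejects anything that is not a well-formed attribute 8."""
    attr_type, length, packed = struct.unpack("!BB4s", avp)
    if attr_type != RADIUS_FRAMED_IP_ADDRESS or length != 6:
        raise ValueError("not a Framed-IP-Address AVP")
    return ipaddress.IPv4Address(packed)


if __name__ == "__main__":
    for nas in (FW_A_NAS_IP, FW_B_NAS_IP, "192.0.2.99"):
        hit = select_framed_ip(nas, USER_AD_ATTRS)
        if hit is None:
            print(f"NAS {nas}: no static address, use pool")
        else:
            print(f"NAS {nas}: rule {hit[0]} -> {hit[1]} AVP {encode_framed_ip_avp(hit[1]).hex()}")
```

Signed values matter for the integer case: 192.168.1.10 is stored as -1062731510, and masking with 0xFFFFFFFF recovers the unsigned form before conversion.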


@Rob Ingram 

Thank you for answer . 

You mean other attributes besides msRADIUSFramedIPAddress, such as Pager or telephone? Can I use those parameters for the IP address instead of msRADIUSFramedIPAddress from AD?


There are default attributes and optional ones; which attribute exactly are you looking for?

@MHM Cisco World 

Hi MHM , 

I'm looking for any attribute that can assign a fixed IP address from the client. I need more than 1 IP address from the client.

Fixed IP from the client, or fixed IP to the client?

Fixed IP from the client. Because, as in the picture below: if the client connects to FW Site A, the user will get a fixed IP address for FW Site A from AD; if the client connects to FW Site B, the user will get a fixed IP address from AD for FW Site B. That's the requirement from the customer. They also need 2FA from Azure AD.

[Attached image: jewfcb001_0-1672234677052.png]

OK, is this only one user, or multiple users that you need to assign a static IP to?