How to use ACS 5.2 to create a static IP address user for remote access VPN

Hello everyone,

I have a problem. Please help me.

At first I used ACS 4.2 to create a static IP address user for remote access VPN. It's easy: just configure it at user set > Client IP Address Assignment > Assign static IP address. But when I use ACS 5.2, I don't know how to do it.

I tried to add an IPv4 address attribute to the user by reading the "ACS 5.2 user guide", which says this:

     Step 1 Add a static IP attribute to internal user attribute dictionary:

     Step 2 Select System Administration > Configuration > Dictionaries > Identity > Internal Users.

     Step 3 Click Create.

     Step 4 Add static IP attribute.

     Step 5 Select Users and Identity Stores > Internal Identity Stores > Users.

     Step 6 Click Create.

     Step 7 Edit the static IP attribute of the user.

I did just that, but it does not work. When I use the EasyVPN client to connect to the ASA 5520, the user authenticates successfully but does not get the static IP address that I configured under Internal Users, so tunnel setup fails. I tried configuring an IP pool on the ASA for ACS users to get an IP address from, and when I use the EasyVPN client to connect to the ASA, everything is OK and the user authenticates successfully. But when I remove the IP pool configuration and use the "add a static IP address to user" configuration, EzVPN fails.

So, what should I do? If anybody knows how to use ACS 5.2 to create a static IP address user for remote access VPN, please tell me.

I'll wait for your response. Whether it's right or not, please respond. Thank you.

1 ACCEPTED SOLUTION

There are some additional steps to be performed to ensure that the static address defined for the user is returned in the Access-Accept. See the instructions in the attached two slides.

I greatly appreciate your help; the problem has been solved perfectly. Thanks for your reply.


This "issue" is still present in ACS 5.3 patched up to the latest version. At least the documentation help files that are installed with the update could have been updated in the meantime...

I tried to follow the PowerPoint slides.

However, on the first slide I run into a problem: to the right of the dropdown box where "Internal Users" is selected, I cannot select "Assigned IP Address". The Attributes List that I can select from is empty.

Any help would be appreciated.


Adding the full presentation. The version earlier in the thread seems to have got truncated.


Thanks, I followed this procedure.

When testing against a radius client simulator (Vasco Vacman radius client simulator) I now get an attribute 8 Framed-IP-Address. However, the value type is unknown according to the simulator.

Can I safely assume that this is an issue with the simulator?


Not familiar with what this simulator is.

Framed-IP-Address is attribute number 8. It could be that your simulator does not recognize the IPv4 address.

One other way is to run the test and then go to "Monitoring & Reports > Reports > Catalog > AAA Protocol > RADIUS Authentication" and view the details for the request. You should see the value returned for the Framed-IP-Address in the report.
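
As an added example (not part of the original thread, and not Cisco or Vasco code), this Python decoder shows what a test client should find in a captured Access-Accept: attribute 8 carrying a 4-byte IPv4 address, accepted only after the Response Authenticator is checked against the shared secret. The shared secret, Request Authenticator and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCESS_ACCEPT = 2       # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8   # attribute type; value is a 4-byte IPv4 address

def parse_attributes(packet):
    """Validate the RADIUS header and return [(type, value), ...]."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def response_auth(packet, request_auth, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret), per RFC 2865."""
    length = struct.unpack("!H", packet[2:4])[0]
    return hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()

def framed_ip(packet, request_auth, secret):
    """Return Framed-IP-Address from a verified Access-Accept, or None."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if not hmac.compare_digest(response_auth(packet, request_auth, secret), packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    for a_type, value in attrs:
        if a_type == FRAMED_IP_ADDRESS:
            if len(value) != 4:
                raise ValueError("Framed-IP-Address must be 4 bytes")
            return str(ipaddress.IPv4Address(value))
    return None

# Constructed sample: Access-Accept carrying Framed-IP-Address 192.0.2.10.
SECRET, REQ_AUTH = b"example-secret", bytes(range(16))
_body = bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address("192.0.2.10").packed
_head = struct.pack("!BBH", ACCESS_ACCEPT, 7, 20 + len(_body))
SAMPLE = _head + hashlib.md5(_head + REQ_AUTH + _body + SECRET).digest() + _body

print(framed_ip(SAMPLE, REQ_AUTH, SECRET))
```

A `None` result corresponds to the original symptom in this thread: authentication succeeds but the Access-Accept carries no address for the client.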


Thanks again, this looks good!

If you have any suggestions for other RADIUS test client simulator software, I would be interested. For now I will continue with my implementation.