cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4407
Views
0
Helpful
7
Replies

How to use ACS 5.2 to create a static ip address user for remote access VPN

WANG23140552
Level 1
Level 1

Hello everyone,

     I get problem.Please help me.

     At first I use ACS 4.2 to create static ip address user for remote access VPN,It's easy,just configuration it at user set>Client IP Address Assignment>Assign static IP address,but when I use ACS 5.2 I dont't know how to do it.

     I try to add IPv4 address attribute to user by read "ACS 5.2 user guide" ,it says this:

    

     Step 1Add a static IP attribute to internal user attribute dictionary:

     Step 2Select System Administration > Configuration > Dictionaries > Identity > Internal Users.

     Step 3Click Create.

     Step 4Add static IP attribute.

     Step 5Select Users and Identity Stores > Internal Identity Stores > Users.

     Step 6Click Create.

     Step 7Edit the static IP attribute of the user.

     I just do it,but it's not work.When I use EasyVPN client to connect ASA 5520,user could success to authentication but will not get the static IP address which I configure on Internal Users,so the tunnel set up failed.I try to Configure a IP pool on ASA for ACS users get IP address,and use EasyVPN client to connect ASA , everything is OK,user authenticate successed.but when I kill IP pool coufigurations and use the  "add a static IP address to user "configurations,EzVPN are failed.

     so,what should I do,if anyboby knows how to use ACS 5.2 to create a static ip address user for remote access VPN,please tell.

    

     Wait for you response,no matter right or not,please response,thank you.

1 Accepted Solution

Accepted Solutions

jrabinow
Level 7
Level 7

There are some additional steps to be performed to ensure that the static address defined for the user is returned in the Access-Accept. See the instuctions in the attached two slides

View solution in original post

7 Replies 7

jrabinow
Level 7
Level 7

There are some additional steps to be performed to ensure that the static address defined for the user is returned in the Access-Accept. See the instuctions in the attached two slides

I greatly appreciate your help, the problem has been the perfect solution. Thanks for your reply.

joopv
Level 1
Level 1

This "issue" is still present in ACS 5.3 patched up to the latest version.  At least the documentation help files that are installed with the update could have been updated in the mean time...

      

I tried to follow the powerpoint slides.

However, on the first slide i run into a problem: to the right of the dropdown box where "Internal Users" is selected, i can not select "Assigned IP Address".  The Attributes List where i can select from, is empy.

Any help would be appeciated.

Adding the ful presentation. The version earlier in the thread seems to have got truncated

Thanks, i followed this procedure.

When testing against a radius client simulator (Vasco Vacman radius client simulator) i now get an attribute 8 framed-IP-Address.  However, the value type is unknown according to the simulator.

Can i safely assume that this is an issue with the simulator?

Not familiar what this simulaor is

Framed-IP-Address is attribute number 8. Could be that your simulator may not recognize the IPv4 address

One other way is to run the test and then go to "Monitoring & Reports > Reports > Catalog > AAA Protocol > RADIUS Authentication

and view the details for the request. You should see the value returned for the Framed-IP-Address in the report

Thanks again, this looks good!

If you have any suggestion for other radius test client simulator software i would be interested.  For now i will continue with my implementation

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: