12-30-2019 11:57 AM
I have several groups of people using my VPN. They all go to different areas of my network. I want to assign them different DHCP scopes on ISE for their login (right now, anyconnect cannot get beyond a RADIUS acceptance for the network but cannot get an IP address).
I have a couple of scopes built on ISE under DHCP & DNS services.
Please note, I do NOT want to allow any other devices to pick up ip addresses here.
I also have a microsoft DHCP server. I could go there but another engineer is forcing all the users into one tunnel group so ip helper wont work there (I don't think).
HELP!!!!
Thaks
Joe W
Solved! Go to Solution.
01-01-2020 08:25 PM
@Mike.Cifelli wrote:
Why not use the ASA/VPN box to locally distribute IPs accordingly? Or have you considered utilizing AD and specific attributes such as msRADIUSFramedIPAddress to issue IPs? Only issue with option two I think is that it would be a static non-dynamic IP at all times.
ISE DHCP Services is not a solution for this, its not scaled designed or tested for this use case.
See this thread as well?
12-31-2019 06:30 AM
12-31-2019 02:23 PM
Sorry, none of the devices are on AD. they are ALL external users who do not have our AD attributes.
I have tried to use the ASA/VPN Box. I defined all of the scopes (12) and pointed the local-groups to them however I still get nothing.
01-01-2020 08:25 PM
@Mike.Cifelli wrote:
Why not use the ASA/VPN box to locally distribute IPs accordingly? Or have you considered utilizing AD and specific attributes such as msRADIUSFramedIPAddress to issue IPs? Only issue with option two I think is that it would be a static non-dynamic IP at all times.
ISE DHCP Services is not a solution for this, its not scaled designed or tested for this use case.
See this thread as well?
05-24-2021 01:49 AM
Can ISE dhcp network-scop fulfill this requirement?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide