vpn3005 with rsa authentication and dhcp + static IP assignment

ccna2
Level 1

Hi,

I am setting up a solution where I want to use rsa authentication (Ace v5.1) and the Cisco vpn client connecting to a vpn3005 concentrator. Most users on this setup should get their IP from a dhcp server on the LAN and this works fine along with rsa authentication.

My problem is this: We just switched to rsa authentication from before that using a mixture of AD and local concentrator database authentication. The latter was used because of wanting to assign a static IP to some users, required for some administrative access to other systems. Now, when we all want to use rsa authentication the problem arises. We can't seem to find a way to let some users get a static IP assigned still. We have tried several things, such as the following with the reason it didn't work in parentheses: local concentrator pool (prioritized after dhcp) and dhcp server IP to mac assignment (mac address is global).

I know that using a CS ACS server with RADIUS should be able to do this because of the compatible AV pairs, but the price for the CS ACS is too high. Is there really no other way? Any help would be highly appreciated

Thank You!

4 Replies

5220
Level 4

Hi,

You should configure two remote access groups.

Both will use ACE for authentication, but one ("Client") will use DHCP, and the other ("Admins") will use local pools.

Then send the correct PCF file for the VPN client depending on whether the user is a normal Client or an Admin.

This will solve your problem.

Please rate if this helped.

Regards,

Daniel

Hi Daniel,

I have tried this, but because the local pool option is prioritized after dhcp in the global setting: "Configuration | System | Address Management | Assignment" I still get a dhcp address when connecting to a group with a local pool defined (on the group).

Hi,

So you have assigned a pool under the Groups => Assign local pool?

Regards,

Daniel

Yes, directly under the group needing special addresses and I still get an address assigned from the dhcp server. "Use Address Pools" is also checked.