Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
5
Helpful
7
Replies

ASA IP reservation based on VPN username

Go to solution
stephen.collum
Level 1
Level 1

‎12-13-2022 08:04 AM - edited ‎12-13-2022 08:05 AM

I saw a post about the ASA now being able to perform IP reservations based on MAC addresses but couldn't find anything about doing the same thing based on the username connecting to VPN. Is this possible?

1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to stephen.collum

‎12-14-2022 05:48 AM

@stephen.collum you can use an LDAP attribute map on the ASA to query the attribute in AD for the static IP address, as defined under the user's AD User Properties, Dial-in tab.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc17

 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎12-13-2022 08:15 AM

@stephen.collum you can assign an IP address from RADIUS, example - https://integratingit.wordpress.com/2017/01/01/cisco-asa-anyconnect-vpn-with-static-client-ip-address/ which would assign the same IP address per user

 

0 Helpful

Go to solution
stephen.collum
Level 1
Level 1
In response to Rob Ingram

‎12-14-2022 05:35 AM

Thank you for sharing that link. We already use ISE for wireless authentication so this may work for us. Just to be thorough, do you know if this can be done without moving the VPN authentication to ISE?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to stephen.collum

‎12-14-2022 05:48 AM

@stephen.collum you can use an LDAP attribute map on the ASA to query the attribute in AD for the static IP address, as defined under the user's AD User Properties, Dial-in tab.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc17

 

0 Helpful

Go to solution
stephen.collum
Level 1
Level 1
In response to Rob Ingram

‎12-14-2022 05:54 AM

Perfect! Thank you Rob.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎12-13-2022 01:14 PM

if you use local then command below will help you 

username USER attributes
  vpn-framed-ip-address x.x.x.x y.y.y.y

 ASA/PIX: Static IP Addressing for IPSec VPN Client with CLI and ASDM Configuration Example - Cisco

 

0 Helpful

Go to solution
stephen.collum
Level 1
Level 1
In response to MHM Cisco World

‎12-14-2022 05:38 AM

Thank you for posting those commands. When you say local you mean the user accounts, right?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to stephen.collum

‎12-14-2022 06:33 AM

I am talking about authentication user locally in ASA and add this attribute under the User attributes. 
authentication locally meaning using username/password save in ASA. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card