cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
633
Views
0
Helpful
4
Replies

Cisco 3030 assigns wrong static IP address

r-ta
Level 1
Level 1

I've assigned a user one static IP address from a pool, 172.30.95.133. I also have this pool on the same group (172.30.95.129-172.30.95.254). Somehow, Cisco 3030 (v.3.6.3) assigns 172.30.95.129 to this user (VPN Client v.3.6). What event class I can use to debug this? (IP, DHCP, etc.)

Roderick

4 Replies 4

mike-greene
Level 4
Level 4

Hi, do you have "Use Address from Authentication Server" checked under Configuration | System | Address Management | Assignment.

Just a thought but not sure if the Concentrator will exclude that address or still hand that address out via an internal address pool.

Hope that helps...

Yes, I have that option checked. There are several dozens of users in this group, with static IP addresses. Most of them received the correct static IP address. Only a few somehow were assigned static IP address but received the IP from the pool. Don't know why there are differences - want to find out.

It may be a more basic issue. In a router configuration if you have a dynamic pool and you want to also have statically assigned addresses for certain hosts it is necessary to deny that particular host(s) from the dynamic pool. Also you would want to not include the address in the pool.

such as:

access-list 1 deny 10.0.0.1

access-list 1 permit any

ip nat inside source static 10.0.0.1 195.2.1.5

ip nat pool pool110.0.0.2 10.0.0.254 netmask 255.255.255.0

ip nat inside source list 1 pool pool7

Otherwise there may be issues where a different host is assigned the address out of the dynamic pool and you will receive a different address as the static is not available.

Given that is true on the router platform it may be an issue in how you define the pools in the concentrator. I am assuming that the static pool and the dynamic pools are defined seperately and you need to ensure they do not overlap.

I do not have a lot of experience with the concentrators but I have seen this as a similar issue.

You are correct that the pool and static addresses need/should be different. I was assuming that the environment would behave similar to DHCP. In DHCP, if you have a static IP on your client, you will use that IP address. If DHCP server reserves an IP address (based on your MAC address), you will get the reserved IP address. Otherwise, you will get an address from the pool. But Cisco VPN concentrator seems to behave differently. I've separated the dynamic pool and static pool. But still curious how would I debug it?