Unable to assign IP addresses to VPN Clients with the Cisco Secure ACS authentication server, and the "Group User [USER] Cannot obtain an IP address for remote peer" error message appears in the event logs of Concentrator
The error message appears when the VPN Client fails to receive an IP address from an Access Control Server (ACS), which is configured to assign IP addresses.
For a workaround,
It is recommended to reconfigure the settings in the VPN concentrator and the ip pools on the ACS:
On the VPN Concentrator, choose Configuration > System > Address Management > Assignment > Use Address from Authentication Server > Apply in order to choose the authentication server option for IP address assignment.
On the Cisco VPN 3000 Concentrator, choose Configuration > System > Servers > Accounting Servers.
Add the details for the ACS in order to specify the ACS as an Accounting Server. This allows the ACS to see what IP addresses are in use and assign free IP addresses.
In the ACS, go into either the User Setup or the Group Setup in order to provide the IP address.
Choose VPN Client IP Address Assignment.
Choose Assigned from AAA server pool. An IP address pool on the Authentication Authorization Accounting (AAA) server assigns the IP address.
Hi All Cisco fans. I have a question abot log below you can find my running config of logs messages. and my question is? when I type show logging i see only logs for VPN session, non of the current wornings info etc.My asa freez night before i cannot...
Hi all,Hope you all are doing good.Please help me on below.We have two FTD 9300 installed in our setup in active standby. Yesterday there was a failover we want to lnow why failover happend and when. Is it possible to find it from FMC ? If so th...
My customer has integrated ISE and Stealthwatch SMC and looking for automatic user notification after getting quarantine from SMC.
Is it possible to send email notification?
Can we do portal (like Hotspot or static web page) redirection?
hi!I have probably very simple question but i can't find the information i need.So here it is: we have asa5555-x with created context for ISP and admin context. ISP's context has inside and outside interfaces. Both has public ips assigned to it. Admin con...