Unable to assign IP addresses to VPN Clients with the Cisco Secure ACS authentication server, and th...
Unable to assign IP addresses to VPN Clients with the Cisco Secure ACS authentication server, and the "Group User [USER] Cannot obtain an IP address for remote peer" error message appears in the event logs of Concentrator
The error message appears when the VPN Client fails to receive an IP address from an Access Control Server (ACS), which is configured to assign IP addresses.
For a workaround,
It is recommended to reconfigure the settings in the VPN concentrator and the ip pools on the ACS:
On the VPN Concentrator, choose Configuration > System > Address Management > Assignment > Use Address from Authentication Server > Apply in order to choose the authentication server option for IP address assignment.
On the Cisco VPN 3000 Concentrator, choose Configuration > System > Servers > Accounting Servers.
Add the details for the ACS in order to specify the ACS as an Accounting Server. This allows the ACS to see what IP addresses are in use and assign free IP addresses.
In the ACS, go into either the User Setup or the Group Setup in order to provide the IP address.
Choose VPN Client IP Address Assignment.
Choose Assigned from AAA server pool. An IP address pool on the Authentication Authorization Accounting (AAA) server assigns the IP address.
Hi.Trying to get part number of my ASA5516 to buy the same model but can`t find a part number oncway.cisco.com/sncheck/Got the SN from show versiontried a different one from chassis section ofshow inventoryIn both cases it shows me ProductProduc...
Hello Community, I am trying to download a file through a site to site vpn between site A and site B.At site A side, I have an ASA 5506 (Software Version 9.1(7)29).The download link is as follow: http://10.15.0.6:8085/folder/file.zipLocal IP is ...
Hello, I am trying to allow Gmail uploads and it is failing. I had configured Cisco Data Security policy to block them and it worked. No I have to allow a specific group to upload files to Gmail, but I get error from Gmail. ...
This may be a basic question, but is it possible to have different versions of say self-register guest portal to be presented for different authorization policies .i.e ssid-1 -present version1 of guest portal, ssid-2 present version2 of guest portal, usin...
hello folks we have a TAC open , for couple weeks now (!) for a situation where a HA pair of 2130 running 6.7.0 which has been in use from since Nov 2020-ish , the 2130-1 unit has begun having BGP reset randomly.... we failover to 2130-2 and no BGP r...