Allocating Static IP for anyconnect remote clients on Cisco Router 2911

I am using a Cisco 2911 router, and I configured the remote client on it. I need to provide a static IP to the remote users instead of providing one from the DHCP pool. Is it possible?

2 Replies

Hi,
Are you using RADIUS for authentication?
Are you using FlexVPN configuration?

No, it's not FlexVPN or RADIUS configured. It's an AnyConnect remote-user VPN, configured to allow only RDP sessions to VPN users (and it's working fine, but I want to configure a static IP for each VPN user). Please have a look at the configuration below.

ROUTER#sh running-config
!
version 15.6

!
hostname ROUTER
!

aaa new-model
!
!
aaa authentication login webvpn local
!

!
aaa session-id common
!
!

!
no ip domain lookup
ip name-server 192.168.1.100
ip name-server 192.168.1.200
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!

crypto pki trustpoint TRUST
enrollment selfsigned
ip-address 172.21.21.98
revocation-check crl
rsakeypair my_key 1024 1024
!
!
crypto pki certificate chain TRUST
certificate self-signed 01
30820237 308201A0 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
37313530 1806092A 864886F7 0D010902 160B4D4F 42494C59 2D31304D 42301906
092A8648 86F70D01 0908130C 38352E31 39342E36 372E3938 301E170D 31383039

username REVPN secret 5 $1$FVdD$jNnQJCGo/ZEAmpkp2qLta.

!
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.6.02074-webdeploy-k9.pkg sequence 1
!
!

!
interface Loopback1
ip address 192.168.200.254 255.255.255.0
!

interface GigabitEthernet0/0
description CONNECTED TO ISP
ip address 172.21.21.98 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Connected to Palo Alto Firewall ( Inside network )
ip address 55.195.26.1 255.255.255.248
duplex auto
speed auto

ip local pool REVPN 192.168.200.10 192.168.200.20
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 172.21.21.97
ip route 10.128.3.200 255.255.255.255 55.195.26.2
ip route 10.128.4.0 255.255.255.0 55.195.26.2
!
ip access-list extended REVPN-ACL
permit tcp 192.168.200.0 0.0.0.255 10.128.3.0 0.0.0.255 eq 3389
permit tcp 192.168.200.0 0.0.0.255 10.128.4.0 0.0.0.255 eq 3389
!
!
!

webvpn gateway ANYCONNECT
ip address 172.21.21.98 port 443
http-redirect port 80
ssl trustpoint TRUST
inservice
!
webvpn context company
title ""
login-message "*Authorised Access Only*"
aaa authentication list webvpn
gateway ANYCONNECT
!
ssl authenticate verify all
inservice
!
policy group policy1
functions svc-enabled
banner ""
filter tunnel REVPN-ACL
svc address-pool "REVPN" netmask 255.255.255.0
svc default-domain ""
svc keep-client-installed
svc homepage ""
svc rekey method new-tunnel
svc split include 10.128.4.0 255.255.255.0  
svc split include 192.168.200.0 255.255.255.0
svc dns-server primary 192.168.1.100
svc dns-server secondary 192.168.1.200
default-group-policy policy1
!
end