Hi,
We are using Cisco AnyConnect on ASA (9.6). Users are authenticated with LDAP, and group membership determines which group-policy is assigned (through an LDAP attribute map), and the user is assigned an IP address from a local pool (specified user the group-policy).
Now, we wish to assign client IPs from a DHCP server, but an issue is we want to use a different DHCP server based on the group-policy assigned to the user. The DHCP server appears to be specified in the tunnel-group (we have a generic one for all users), and all the group-policy does is provide a hint as to which scope to use on the DHCP server (dhcp-network-scope).
Is there any way to specify differnet DHCP servers for different user-groups? What I don't know is if multiple DHCP servers are specified in the tunnel-group configuration, will they be queried in turn (as a potential workaround)?
Cheers,
Matt