Community,
We are currently doling out IP addresses to VPN clients via locally defined pools on the firewall. The users will be assigned an IP based on their group policy. In our setup, the user logs in via their AD Credentials, the Firewall checks their credentials against AD and depending on what VPN Group Policy group they are in in AD, the firewall will then put them into a corresponding group policy. For instance:
my AD account is a member of the PocVPN group in AD. When the Firewall authenticates me with AD, AD tells the firewall that I'm in the PocVPN group, so the firewall puts me in the PocVPN AnyConnect group policy and assigns me an IP address defined in that group policy.
What I would like to do is move the DHCP function to a back-end Windows DHCP server while still maintaining the functionality of assigning IP addresses based on user/group policy. I can't find any good articles on how to do this online. Does anyone have experience doing this?
Thanks.