
ASA 5510 VPN Question

brobertson
Level 1

Can the ASA VPN IP pools be configured to "reserve" addresses, much like DHCP does, for incoming client connections in the same group-policy?

Creating an individual policy group for each client would be unmanageable.

Accepted Solution

mfreijser
Level 1

This is certainly possible, but it does require you to add an IP address to every username in the configuration. The ASA looks at the username entered by the remote user and checks if it has an IP address configured with its username.

You can find the configuration option in the ASDM here: Configuration -> VPN -> General -> Users. Edit a user and go to the VPN Policy tab; you will find the 'Dedicated IP Address' option at the bottom of the page.

If you want to configure this via console/telnet/ssh: go to configuration mode and type the following:

username <username> attributes

vpn-framed-ip-address <ip-address> <netmask>

Make sure that the subnet matches the subnet of your already configured IP pool! If you use 192.168.10.0/24 as your IP pool, your configuration should look like this:

username testuser attributes

vpn-framed-ip-address 192.168.10.254 255.255.255.0

The address 192.168.10.254 should now always be assigned to user 'testuser'.

Hope this post helps, please rate if it does!

Regards,

Michael

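A small audit script in the spirit of the accepted answer (an added example, not code from the post or from Cisco): it parses a constructed ASA configuration fragment and checks that every vpn-framed-ip-address uses the same subnet as the ip local pool, as the answer requires, and that no two users have been given the same dedicated address. The pool name, usernames and addresses are all constructed sample values.

```python
import ipaddress
import re

# Constructed sample ASA configuration (not from the original post): one ip local pool
# plus per-user vpn-framed-ip-address entries, modelled on the accepted answer.
SAMPLE_CONFIG = """
ip local pool VPNPOOL 192.168.10.1-192.168.10.200 mask 255.255.255.0
username testuser attributes
 vpn-framed-ip-address 192.168.10.254 255.255.255.0
username alice attributes
 vpn-framed-ip-address 192.168.10.253 255.255.255.0
username bob attributes
 vpn-framed-ip-address 192.168.10.253 255.255.255.0
username carol attributes
 vpn-framed-ip-address 10.0.0.5 255.255.255.0
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)", re.M)
USER_RE = re.compile(
    r"^username (\S+) attributes\n\s+vpn-framed-ip-address (\S+) (\S+)", re.M
)


def parse_pool(config):
    """Return (pool name, subnet) for the first ip local pool in the config.
    The subnet is derived from the pool's first address and its mask."""
    m = POOL_RE.search(config)
    if not m:
        raise ValueError("no ip local pool found")
    name, first, _last, mask = m.groups()
    return name, ipaddress.ip_network(f"{first}/{mask}", strict=False)


def audit_dedicated_addresses(config):
    """Check each vpn-framed-ip-address against the pool. Findings are
    (username, message) tuples; an empty list means the config is clean."""
    _, pool_net = parse_pool(config)
    findings, seen = [], {}
    for user, addr, mask in USER_RE.findall(config):
        ip = ipaddress.ip_address(addr)
        user_net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if user_net != pool_net:  # mask/subnet must match the pool, per the answer
            findings.append((user, f"{addr} {mask} is not in pool subnet {pool_net}"))
        if ip in seen:  # two users with one static address cannot both connect
            findings.append((user, f"{addr} already assigned to {seen[ip]}"))
        seen.setdefault(ip, user)
    return findings


if __name__ == "__main__":
    for user, msg in audit_dedicated_addresses(SAMPLE_CONFIG):
        print(f"{user}: {msg}")
```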

3 Replies

If I've already got an address pool for a VPN group, and create another tunnel group based on that tunnel policy, but require local auth and assign an IP that falls into that pool, will I interfere with the pool allocation? Should I assign an IP outside the pool?

Thanks!

john.croson
Level 1

Excellent!