06-25-2013 11:48 AM
I am attempting to setup static IP assignments per the following documentation:
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html
My co-worker and I feel like we have tried just about everything and yet we are unable to get the IP address defined in AD (Dialin tab) to come up on our system.
We have the following AD map setup:
map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
The map is applied to the LDAP listing
we have one map already working - msNPAllowDialin attributes to restrict tunneling protocols.
No matter how we configure things, the IP address we are assigned after connection comes from our Windows DHCP server, not the Dialin Tab.
I keep thinking we are overlooking something simple, any ideas?
Thanks
Solved! Go to Solution.
06-25-2013 01:32 PM
I think the best way to find out is to enable debug of the radius-related things on your ASA and see if the mapping of attributes actually occurs and how it occurs. Static assignment should always take precedense over the dhcp, so here something wrong with the mapping, i guess..
06-25-2013 01:32 PM
I think the best way to find out is to enable debug of the radius-related things on your ASA and see if the mapping of attributes actually occurs and how it occurs. Static assignment should always take precedense over the dhcp, so here something wrong with the mapping, i guess..
06-26-2013 05:29 AM
Thanks you! We found the issue, the attribute was not ever being hit because there was a typo in the Base DN on the LDAP server(s).
We just have to get the subnet mask and gateway to configure properly now.
06-26-2013 05:53 AM
Glad for you)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: