Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
3
Replies

ASA 5555 Static IP address problem

Go to solution
Luke92881
Level 1
Level 1

‎06-25-2013 11:48 AM

I am attempting to setup static IP assignments per the following documentation:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html

My co-worker and I feel like we have tried just about everything and yet we are unable to get the IP address defined in AD (Dialin tab) to come up on our system.

We have the following AD map setup:

map-name  msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address

The map is applied to the LDAP listing

we have one map already working - msNPAllowDialin attributes to restrict tunneling protocols.

No matter how we configure things, the IP address we are assigned after connection comes from our Windows DHCP server, not the Dialin Tab.

I keep thinking we are overlooking something simple, any ideas?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Phirsov
Level 7
Level 7

‎06-25-2013 01:32 PM

I think the best way to find out is to enable debug of the radius-related things on your ASA and see if the mapping of attributes actually occurs and how it occurs. Static assignment should always take precedense over the dhcp, so here something wrong with the mapping, i guess..

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Andrew Phirsov
Level 7
Level 7

‎06-25-2013 01:32 PM

I think the best way to find out is to enable debug of the radius-related things on your ASA and see if the mapping of attributes actually occurs and how it occurs. Static assignment should always take precedense over the dhcp, so here something wrong with the mapping, i guess..

0 Helpful

Go to solution
Luke92881
Level 1
Level 1
In response to Andrew Phirsov

‎06-26-2013 05:29 AM

Thanks you! We found the issue, the attribute was not ever being hit because there was a typo in the Base DN on the LDAP server(s).

We just have to get the subnet mask and gateway to configure properly now.

0 Helpful

Go to solution
Andrew Phirsov
Level 7
Level 7
In response to Luke92881

‎06-26-2013 05:53 AM

Glad for you)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents