ASA: AnyConnect with fix assignment between client PC and IP address

swscco001
Level 3

Hello everybody,

Our customer has a special requirement for his AnyConnect application with his ASA5555 (OS 9.14(3)15).

They need a fixed assignment between client PC and the assigned IP address, independent of the user who will log in.

I thought about a solution with a DHCP server that has a fixed assignment between MAC and IP address.

Is there a possibility to realize this anyhow?

Every idea or sample config is welcome!

Thanks a lot!

Bye

R.

Accepted Solutions

Hi @swscco001, the ASA won't know about the connecting laptop's MAC address.

You can assign a static IP address by querying AD to determine if the AD user has been configured with a static IP address under the user's "Dial-in" properties; if not, the user will be assigned an IP address defined under the VPN pool assigned to the group policy.

Examples for RADIUS or LDAP auth:

https://integratingit.wordpress.com/2017/01/01/cisco-asa-anyconnect-vpn-with-static-client-ip-address/

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc17
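
A sketch of the LDAP variant of the approach described in the reply above, added here as an example and not taken from the original post or the linked articles. The object names, addresses, DNs and the bind password are constructed placeholders; note that the address is tied to the AD user account, not to the client PC.

```cisco
! Constructed example: all names, addresses and DNs below are placeholders.
! Map the AD "Dial-in" static IP attribute to the address the ASA hands out.
ldap attribute-map AD-STATIC-IP
 map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ! Keep the bind credentials and user lookups off the wire in clear text.
 ldap-over-ssl enable
 ldap-attribute-map AD-STATIC-IP
!
! Use the address returned by AAA when the AD user has one configured,
! otherwise fall back to the local pool from the group policy.
vpn-addr-assign aaa
vpn-addr-assign local
!
ip local pool VPN-POOL 198.51.100.10-198.51.100.200 mask 255.255.255.0
!
group-policy GP-ANYCONNECT internal
group-policy GP-ANYCONNECT attributes
 address-pools value VPN-POOL
!
tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 authentication-server-group AD-LDAP
 default-group-policy GP-ANYCONNECT
```

Keep the statically assigned addresses outside the range of the local pool so that a pool client cannot be handed an address reserved for an AD user.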
