Solved: Your welcome please mark the

srivero · ‎01-27-2016

Hello guys.

I'm using a Cisco ASA 5540 with version 8.4.

I need to assign an static IP address to a VPN client. I have seen in the Cisco documentation that it can be done validating the user against the ASA local database and in the user account you can assign a dedicated IP address, or using the CLI vpn-framed-ip-address command.

The problem is that the client never gets that address and always gets one from the pool in the policy group. If I delete this pool, the client can not get any address.

Any idea about how to solve this issue or how can I give this static IP for a specific VPN client?

Thanks.

Diego Lopez · ‎01-27-2016

Your welcome please mark the answer as correct and rate.

Cheers

View solution in original post

Diego Lopez · ‎01-27-2016

Hello,

The command "vpn-framed-ip-address" should work fine just need to make sure that the following command is enabled on the ASA "vpn-addr-assign aaa".

You are assigning the IP address with an aaa attribute of the local user if that is not enabled the address will be assigned from the local pool in the tunnel-group or group-policy.

Regards, please rate.

srivero · ‎01-27-2016

Hello Diego.

It worked perfectly. I am sorry but all the documentation I have seen, it is said exactly the opposite, disable that command and configure “no vpn-addr-assign aaa”. It is obviously wrong.

Muchas gracias. It really helped.

Diego Lopez · ‎01-27-2016

Your welcome please mark the answer as correct and rate.

Cheers

ASA Static IP Addressing for IPSec VPN Client