Solved: Re: assign / reserved static IP for vpn user

ronald.su · ‎05-10-2020

hello,

good day! we have 2 VPN entry : IPSec and anyconnect. both are on ASA5515x

the VPN user use aaa (active directory) to do the authentication. we wanna to usig ACL to deny some user to access some server's IP.

so I wondering how to assign or reserved IP to vpn user.

thanks

Rob Ingram · ‎05-12-2020

Of course, that would be expected, you can't share an IP address.

You could restrict the maximum number of simultaneous logins per user using the comand "vpn-simultaneous-logins 1" this is defined under the group-policy.

View solution in original post

Rob Ingram · ‎05-11-2020

Hi,

You can do this using RADIUS or LDAP, the static IP address can be defined in the AD user's properties dial-in tab. The following are examples of how to configuring the ASA depending on how you authenticate the users.

RADIUS example here and LDAP example here.

HTH

ronald.su · ‎05-11-2020

YEP, I can assign the IP by user's perporty. But I found another issue:

the setting only take effect on the first user. e.g.

if user1 assigned 10.0.0.1, and someone login wth user1, the IP will assigned to this user, thats cool. BUT if another people use same user account (user1) to login, it's will assgin a "random " IP in my IP pool.

so , I wanna know how to disable the concurrent login. one vpn account can only login 1 device.

Rob Ingram · ‎05-12-2020

Of course, that would be expected, you can't share an IP address.

You could restrict the maximum number of simultaneous logins per user using the comand "vpn-simultaneous-logins 1" this is defined under the group-policy.

ronald.su · ‎05-12-2020

awesome !!! thanks !!!