Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
4
Replies

assign vpn fixed ip?

Go to solution
tonny_ecmyy
Level 1
Level 1

‎12-14-2004 08:36 PM - edited ‎02-21-2020 01:30 PM

Hello there,

I have simple question here i guess...

I'm using vpn in pix firewall and assign an ip address to vpn client range from 192.168.2.1 to 192.168.2.254, but is it possible to assign vpn client with fixed ip for example 192.168.2.1 for pc A 192.168.2.2 for pc B, because the firewall assign it automatically..the ip always change. is it possible doing this with pix firewall?

Thanks for helping

Tonny

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
sachinraja
Level 9
Level 9

‎12-15-2004 03:05 AM

Hello Tonny,

In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.

If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.

This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.

hope this helps.. all the best..

Raj

View solution in original post

0 Helpful

Go to solution
scoclayton
Level 7
Level 7
In response to sachinraja

‎12-15-2004 10:02 AM

I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.

An ACS will also work as pointed out above.

Scott

View solution in original post

0 Helpful

Go to solution
sachinraja
Level 9
Level 9
In response to scoclayton

‎12-15-2004 11:44 AM

Hi scott,

that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...

anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.

Thanks for the input.

Raj

View solution in original post

0 Helpful
4 Replies 4

Go to solution
sachinraja
Level 9
Level 9

‎12-15-2004 03:05 AM

Hello Tonny,

In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.

If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.

This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.

hope this helps.. all the best..

Raj

0 Helpful

Go to solution
scoclayton
Level 7
Level 7
In response to sachinraja

‎12-15-2004 10:02 AM

I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.

An ACS will also work as pointed out above.

Scott

0 Helpful

Go to solution
sachinraja
Level 9
Level 9
In response to scoclayton

‎12-15-2004 11:44 AM

Hi scott,

that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...

anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.

Thanks for the input.

Raj

0 Helpful

Go to solution
tonny_ecmyy
Level 1
Level 1
In response to sachinraja

‎12-15-2004 05:53 PM

Hi all,

Thanks for your reply, maybe i need additional money for doing this, because i have more than 50 users dial in, anyway..thank you very much

Tonny

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents