12-14-2004 08:36 PM - edited 02-21-2020 01:30 PM
Hello there,
I have simple question here i guess...
I'm using vpn in pix firewall and assign an ip address to vpn client range from 192.168.2.1 to 192.168.2.254, but is it possible to assign vpn client with fixed ip for example 192.168.2.1 for pc A 192.168.2.2 for pc B, because the firewall assign it automatically..the ip always change. is it possible doing this with pix firewall?
Thanks for helping
Tonny
Solved! Go to Solution.
12-15-2004 03:05 AM
Hello Tonny,
In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.
If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.
This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.
hope this helps.. all the best..
Raj
12-15-2004 10:02 AM
I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.
An ACS will also work as pointed out above.
Scott
12-15-2004 11:44 AM
Hi scott,
that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...
anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.
Thanks for the input.
Raj
12-15-2004 03:05 AM
Hello Tonny,
In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.
If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.
This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.
hope this helps.. all the best..
Raj
12-15-2004 10:02 AM
I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.
An ACS will also work as pointed out above.
Scott
12-15-2004 11:44 AM
Hi scott,
that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...
anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.
Thanks for the input.
Raj
12-15-2004 05:53 PM
Hi all,
Thanks for your reply, maybe i need additional money for doing this, because i have more than 50 users dial in, anyway..thank you very much
Tonny
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide