cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
174
Views
0
Helpful
4
Replies
tonny_ecmyy
Beginner

assign vpn fixed ip?

Hello there,

I have simple question here i guess...

I'm using vpn in pix firewall and assign an ip address to vpn client range from 192.168.2.1 to 192.168.2.254, but is it possible to assign vpn client with fixed ip for example 192.168.2.1 for pc A 192.168.2.2 for pc B, because the firewall assign it automatically..the ip always change. is it possible doing this with pix firewall?

Thanks for helping

Tonny

3 ACCEPTED SOLUTIONS

Accepted Solutions
sachinraja
Engager

Hello Tonny,

In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.

If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.

This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.

hope this helps.. all the best..

Raj

View solution in original post

I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.

An ACS will also work as pointed out above.

Scott

View solution in original post

Hi scott,

that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...

anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.

Thanks for the input.

Raj

View solution in original post

4 REPLIES 4
sachinraja
Engager

Hello Tonny,

In case you are doing a local authentication, it is not possible. The local user gets an ip address from the local pool configured on the PIX. this will be dynamic.

If you can use a ACS server, and can authenticate the users using Radius or tacacs, the TACACS server can give a fixed IP to the dialin user. This can be configured on the ACS server.

This might cost you additional money. in order to reduce cost, most of them just use a dynamic IP pool on the PIX for VPN use.

hope this helps.. all the best..

Raj

View solution in original post

I believe you can configure an address pool on the PIX with a single address. You could then assign that single address pool to the individual vpngroup that you wanted.

An ACS will also work as pointed out above.

Scott

View solution in original post

Hi scott,

that is a good option too... but in this case, if there are 50 users, we need to create 50 different VPN pools, right ? this might be a big problem for the administrator...

anyway, if there are very less users, your solution will work perfect, without having to invest in costly ACS software/server.

Thanks for the input.

Raj

View solution in original post

Hi all,

Thanks for your reply, maybe i need additional money for doing this, because i have more than 50 users dial in, anyway..thank you very much

Tonny

Content for Community-Ad