Cisco Anyconnect client DHCP Reservation

Bob Greer · ‎01-24-2019

Hi there,

Thanks for reading.

I'm looking to reserve a IP address from the DHCP pool on the ASA. Is this possible? The ASA 5525 9.8(3)18.

Thanks!

Bob

Francesco Molino · ‎01-24-2019

Hi

Yes this is possible. The question is how you authenticate your users?

- From radius: Use radius Framed-IP-address attributes (see the link https://integratingit.wordpress.com/2017/01/01/cisco-asa-anyconnect-vpn-with-static-client-ip-address/)

- From AD (LDAP): You can setup this up through Dial-in tab (https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ref_extserver.html#wp1661694)

- From local ASA db: under username attributes section in the config, you can use the command vpn-framed-ip-address folllowed by the IP and mask.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Florin Barhala · ‎03-31-2021

While previous REPLY is helpful as knowledge base - the original question stays: can you make a reservation on an external DHCP Server using any kind of host identifier most common being its MAC address?

I did try using 9.12(4)10 and Windows Server and it doesn't work so far.

I am getting a very long DHCP identifier in the address leases and no matter I select it and add it to reservations due to being longer than expected MAC address, doesn't work.

Thanks,

Florin.

MKJulian · ‎10-31-2024

yes same issue and you cannot assign a MAC in any of anyconnect profile editors. I am able to assign IP addresses based on a Microsoft user group, I would like to reserve IP based on a hostname of the machine scavenging becomes and issue for secure applications that require consistency in forward and reverse lookups on dynamically assigned IP's if they change ip because of a disconnect.