framed-ip-address not working for remote access vpn

Anisuzzaman Bipu · ‎09-08-2011

I'm trying to achieve framed-ip-address/static ip address for some remote access vpn clients and ip allocation from pool dynamically for remaining remote access vpn clients. I've configured my asa with the help of http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

I'm using local database for user authentication. Remote users can connect and always gets IP address from pool only and never gets the framed-ip I configured for those particular users.

Could anyone please help me to find what I missed.

Herbert Baerten · ‎09-10-2011

Hello Anisuzzaman

I believe the document is incorrect when it tells you to configure "no vpn-addr-assign aaa".

Local per-user attributes are considered as "local AAA-sever" so please configure "vpn-addr-assign aaa" (or check the check box for "Use authentication server" in ASDM) and try again.

hth

Herbert

Anisuzzaman Bipu · ‎09-16-2011

Thanks Herbert, authentication server parameter did the trick. Cheers.

Lee Valentin · ‎09-12-2011

When you create the user account, use the following syntax under the username attributes

username attributes

vpn-group-policy

vpn-framed-ip-address <10.10.10.35 255.255.255.0>

The items in brackets is what you'll change based on your specific configuration

Good luck