04-18-2009 03:55 AM
Have approx 50-60 EZVPN clients terminating on our server. I would like each EZVPN client to be given a static IP address, mainly for management polling. The only way I can get EZVPN to work at the moment is with DHCP on the Cisco ACS Server; the pool is assigned to the EZVPN Group.
Any ideas?
04-20-2009 06:44 AM
If you are using RADIUS, you can configure the Framed-IP-Address attribute to pass the IP address for the user that has been authenticated. Assigning an IP address per user is the best approach you have.
04-21-2009 01:09 AM
Hi Imartino
Thank you for your reply, but correct me if I'm wrong here. Isn't the IP address assigned to the client at the IKE stage of the IPsec setup? The username authentication comes afterwards.
Just to confirm what you are saying: there are two authentications per setup. The first one is Group Name/Password and the second one is the EZVPN username/password.
Which one are you referring to? Just to let you know that all our clients use the same Group Name/Password for the IKE stage; the only difference between clients is the EZVPN username/password. All clients are part of the same customer.
regards
Derek
04-21-2009 06:22 AM
IP address assignment comes at the MODE CONFIG message/stage of the EZVPN setup. MODE CONFIG comes after IKE has been completed, and for IKE (Phase 1) to be completed Xauth needs to be successful; hence user authentication comes before the IP address is assigned.
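An added example, not part of the thread: a Python check for the per-user address plan that the Framed-IP-Address approach needs, so that no two Xauth users share an address and no static address falls inside a dynamic pool that is still in use. The usernames, subnet, pool range and function names are constructed for illustration, and the `attribute = value` output is a generic rendering rather than any particular RADIUS server's file format.

```python
import ipaddress

def allocate(usernames, subnet, pool_first, pool_last):
    """Give each Xauth username one fixed host address outside the dynamic pool."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    names = sorted(set(usernames))
    if len(names) != len(usernames):
        raise ValueError("duplicate username in input")
    free = (h for h in net.hosts() if not lo <= h <= hi)
    plan = {}
    for name in names:
        try:
            plan[name] = next(free)
        except StopIteration:
            raise ValueError(f"{subnet} has no free static address for {name}") from None
    return plan

def audit(plan, subnet, pool_first, pool_last):
    """Return a list of problems in a hand-maintained username -> address table."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    problems, seen = [], {}
    for name, addr in sorted(plan.items()):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host in {net}")
        if lo <= ip <= hi:
            problems.append(f"{name}: {ip} overlaps the dynamic pool")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

def radius_reply_items(plan):
    """One Framed-IP-Address reply item per user, for the RADIUS user record."""
    return {name: f"Framed-IP-Address = {ip}" for name, ip in plan.items()}

if __name__ == "__main__":
    # Constructed sample data: usernames, subnet and pool range are made up.
    users = ["site-03", "site-01", "site-02"]
    plan = allocate(users, "10.99.0.0/28", "10.99.0.1", "10.99.0.4")
    for name, item in radius_reply_items(plan).items():
        print(name, item)
    print(audit({"site-01": "10.99.0.5", "site-02": "10.99.0.5"},
                "10.99.0.0/28", "10.99.0.1", "10.99.0.4"))
```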