cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1124
Views
0
Helpful
4
Replies
Highlighted
Beginner

ISE and static ip assigment

Hi

I have a problem, in my ACS 4.1 when I creating some users , I have line

Assign staic IP x.x.x.x

And when user conect to VPN on ASA(which have pool for remote connections) it always assign particular IP from my ACS.

Is the any way to do so in Cisco ISE?

4 REPLIES 4
Highlighted
Beginner

That was easy than I thought, just making a new permissions in authorization policy result with Framed-IP-address attribute

Highlighted

Could you explain exactly what you have done, i am trying to do a lab setup with the same function of static ip assignements for vpn clients.

Highlighted

Hi, 

This is the topology.

Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. Windows DHCP Server is giving dynamically IP addreses. The customer wants to assign static MAC-IP binding in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.

Internet  ----- ASA ------ LAN --- ISE and Windows DHCP Server.

Can you provide more information how can I assign MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE.

Thanks.

Highlighted

Hi, I did not user Windows DHCP, I'm using integrated DHCP server in ASA. You should create new custom user attribute in AD. For example call it "framed-ip", assign address to this attribute in AD. On ISE server add in authorization profile(result) add advanced settings Radius:Framed-IP-Address=AD:framed-ip .During authorization process ISE push ip address from AD to your client.

(In case if user has multiple connections at same time - first session only will assig this ip)

Content for Community-Ad