12-28-2012 05:40 AM
Hi
I have a problem, in my ACS 4.1 when I creating some users , I have line
Assign staic IP x.x.x.x
And when user conect to VPN on ASA(which have pool for remote connections) it always assign particular IP from my ACS.
Is the any way to do so in Cisco ISE?
12-29-2012 03:03 AM
That was easy than I thought, just making a new permissions in authorization policy result with Framed-IP-address attribute
12-30-2012 07:54 AM
Could you explain exactly what you have done, i am trying to do a lab setup with the same function of static ip assignements for vpn clients.
04-05-2017 03:15 PM
Hi,
This is the topology.
Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. Windows DHCP Server is giving dynamically IP addreses. The customer wants to assign static MAC-IP binding in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.
Internet ----- ASA ------ LAN --- ISE and Windows DHCP Server.
Can you provide more information how can I assign MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE.
Thanks.
04-05-2017 11:21 PM
Hi, I did not user Windows DHCP, I'm using integrated DHCP server in ASA. You should create new custom user attribute in AD. For example call it "framed-ip", assign address to this attribute in AD. On ISE server add in authorization profile(result) add advanced settings Radius:Framed-IP-Address=AD:framed-ip .During authorization process ISE push ip address from AD to your client.
(In case if user has multiple connections at same time - first session only will assig this ip)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide