Hi, I did not user Windows

Krasnoperov · ‎12-28-2012

Hi

I have a problem, in my ACS 4.1 when I creating some users , I have line

Assign staic IP x.x.x.x

And when user conect to VPN on ASA(which have pool for remote connections) it always assign particular IP from my ACS.

Is the any way to do so in Cisco ISE?

Krasnoperov · ‎12-29-2012

That was easy than I thought, just making a new permissions in authorization policy result with Framed-IP-address attribute

jan.nielsen · ‎12-30-2012

Could you explain exactly what you have done, i am trying to do a lab setup with the same function of static ip assignements for vpn clients.

rchockeelopez · ‎04-05-2017

Hi,

This is the topology.

Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. Windows DHCP Server is giving dynamically IP addreses. The customer wants to assign static MAC-IP binding in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.

Internet ----- ASA ------ LAN --- ISE and Windows DHCP Server.

Can you provide more information how can I assign MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE.

Thanks.

Krasnoperov · ‎04-05-2017

Hi, I did not user Windows DHCP, I'm using integrated DHCP server in ASA. You should create new custom user attribute in AD. For example call it "framed-ip", assign address to this attribute in AD. On ISE server add in authorization profile(result) add advanced settings Radius:Framed-IP-Address=AD:framed-ip .During authorization process ISE push ip address from AD to your client.

(In case if user has multiple connections at same time - first session only will assig this ip)

ISE and static ip assigment