I have a problem: in my ACS 4.1, when I create some users, I have the line
Assign static IP x.x.x.x
And when a user connects to the VPN on the ASA (which has a pool for remote connections), it always assigns the particular IP from my ACS.
Is there any way to do so in Cisco ISE?
Could you explain exactly what you have done? I am trying to do a lab setup with the same function of static IP assignments for VPN clients.
This is the topology.
Users are connecting via AnyConnect VPN and are getting authorized with ISE and AD. The Windows DHCP Server is giving IP addresses dynamically. The customer wants to assign static MAC-IP binding in the DHCP Server so they can use the firewall to filter based on the VPN IP addresses.
Internet ----- ASA ------ LAN --- ISE and Windows DHCP Server.
Can you provide more information on how I can assign MAC-IP binding in a Windows DHCP Server through AnyConnect VPN and ISE?
Hi, I did not use Windows DHCP; I'm using the integrated DHCP server in the ASA. You should create a new custom user attribute in AD. For example, call it "framed-ip" and assign an address to this attribute in AD. On the ISE server, in the authorization profile (result), add in advanced settings Radius:Framed-IP-Address=AD:framed-ip. During the authorization process ISE pushes the IP address from AD to your client.
(In case a user has multiple connections at the same time, only the first session will be assigned this IP.)
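
An added example, not part of the thread and not Cisco code: a pre-check for the values stored in the custom AD attribute described above, showing how each string becomes a RADIUS Framed-IP-Address attribute (type 8, RFC 2865) and flagging entries that are malformed or assigned to more than one user. The user names and addresses are constructed sample data; `audit` and `encode_framed_ip` are hypothetical helper names.

```python
import ipaddress
import struct
from collections import defaultdict

FRAMED_IP_ADDRESS = 8  # RADIUS attribute type, RFC 2865 section 5.8

# Constructed sample: user -> string stored in the custom AD attribute
# (called "framed-ip" in the post above). Not real directory data.
SAMPLE_USERS = {
    "alice": "10.10.50.11",
    "bob": "10.10.50.12",
    "carol": "10.10.50.11",   # same address as alice
    "dave": "10.10.50.300",   # not a valid IPv4 address
    "erin": "",               # attribute not set, nothing to send
}

def encode_framed_ip(value):
    """Return the 6-byte attribute: type, length, 4-octet address."""
    addr = ipaddress.IPv4Address(value.strip())
    return struct.pack("!BB4s", FRAMED_IP_ADDRESS, 6, addr.packed)

def audit(users):
    """Return (encoded attributes per user, problems to fix in AD)."""
    encoded, problems = {}, []
    owners = defaultdict(list)
    for user, raw in sorted(users.items()):
        if not raw.strip():
            continue  # no static address requested for this user
        try:
            encoded[user] = encode_framed_ip(raw)
        except ipaddress.AddressValueError:
            problems.append((user, "invalid IPv4 address: %r" % raw))
            continue
        owners[raw.strip()].append(user)
    # Two users sharing one static address would contend for it.
    for ip, names in sorted(owners.items()):
        if len(names) > 1:
            problems.append((",".join(names), "duplicate address: " + ip))
    return encoded, problems

if __name__ == "__main__":
    attrs, issues = audit(SAMPLE_USERS)
    for user, blob in attrs.items():
        print(user, blob.hex())
    for who, why in issues:
        print("FIX:", who, "-", why)
```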