Need to bind IP address with user or MAC in AnyConnect

harmesh88
Level 1

Dear Team,

We have an FTD 2110 with FMC in a VM and have configured AnyConnect VPN. It is working properly.

Now we need the same IP when a user connects with AnyConnect. We are open to any option, but the requirement should be fulfilled.

We can go with integration with RADIUS, LDAP.

Please suggest; it is urgently needed.

Regards,

Harmesh Yadav

9978440755

Accepted Solutions

Hi,
You can define a static IP address in the AD user's "Dial In" properties. This value can be queried upon connection to the VPN using either RADIUS or LDAP.

To configure LDAP you will need to define an attribute-map; this can only be applied on FTD currently using FlexConfig.

Refer to this link for the LDAP syntax and this link for an example of FlexConfig to push out LDAP configuration.

Example of ISE here; although the example uses ASA, it works on FTD also.

HTH


4 Replies

balaji.bandi
Hall of Fame

How is your AnyConnect user getting an IP address? You reserve the IP address and add it to the ACL instead of any (make sure you also add some internal LAN IP address and test; if not, you are going to lock down?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dear RJI, actually we have configured ISE, and in AD dial-up we have added the IP address.

We have fulfilled the static IP address requirement, but another user who is not configured with a static IP should not get an IP by DHCP. How can we achieve this?

Secondly, if we don't want to give the static IP in dial-up, what will be the other option? Suppose we use only ISE for authorization and create local users in ISE; will it be possible to give a static IP by ISE only?

Actually, the number of users is high.

Thanks

Hi.

If DHCP is configured on the tunnel-group then the users that don't get a static IP address assigned dynamically should receive an IP address via DHCP.

If you want to use ISE you can use the RADIUS attribute value pair "Framed-IP-Address" in an authorisation profile. E.g.

[Image: Untitled picture.png]

HTH
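
A check for the two mechanisms discussed in this thread, added here as an example and not code from any poster or from Cisco: it decodes the static address stored on the AD account and the Framed-IP-Address attribute in a RADIUS Access-Accept, then reports whether they agree. Assumptions not taken from the thread: the AD attribute name `msRADIUSFramedIPAddress`, all function names, and the constructed sample packet; the response authenticator is not verified.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8    # RADIUS attribute type (RFC 2865)
NAS_CHOOSES = {"255.255.255.255", "255.255.255.254"}  # RFC 2865: not a fixed address

def ad_int_to_ip(value):
    """Convert AD's msRADIUSFramedIPAddress (signed 32-bit int) to dotted quad."""
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))

def framed_ip_from_accept(packet):
    """Return Framed-IP-Address from a raw Access-Accept, or None if absent."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute length")
        if attr_type == FRAMED_IP_ADDRESS:
            if attr_len != 6:
                raise ValueError("Framed-IP-Address must carry 4 bytes")
            return str(ipaddress.IPv4Address(packet[pos + 2:pos + 6]))
        pos += attr_len
    return None

def check_assignment(ad_value, packet):
    """Compare the directory value with what the RADIUS server returned."""
    returned = framed_ip_from_accept(packet)
    if returned is None or returned in NAS_CHOOSES:
        return "dynamic"     # headend falls back to its own pool or DHCP
    if ad_value is not None and ad_int_to_ip(ad_value) == returned:
        return "static-ok"
    return "mismatch"

def sample_accept(ip=None):
    """Constructed Access-Accept: Class attribute, optional Framed-IP-Address."""
    attrs = bytes([25, 6]) + b"VPN1"
    if ip is not None:
        attrs += bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A "mismatch" result for a user with a directory-assigned address points at the authorization profile or attribute mapping rather than at the VPN headend.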
