Need to bind IP address with user or MAC in AnyConnect

Dear Team,

We have an FTD 2110 with FMC in a VM and have configured AnyConnect VPN. It is working properly.

Now we need the same IP each time a user connects with AnyConnect. We are open to any option, but the requirement should be fulfilled.

We can go with integration with RADIUS or LDAP.

Please suggest; it is urgently needed.

 

Regards,

Harmesh Yadav

9978440755

1 ACCEPTED SOLUTION

Accepted Solutions
RJI Advisor
Advisor

Re: Need to bind IP address with user or MAC in AnyConnect

Hi,
You can define a static IP address in the AD user's "Dial In" properties. This value can be queried upon connection to the VPN using either RADIUS or LDAP.

 

To configure LDAP you will need to define an attribute-map; this can only be applied on FTD currently using FlexConfig.

Refer to this link for the LDAP syntax and this link for an example of Flexconfig to push out LDAP configuration.

 

Example of ISE here, although the example uses ASA it works on FTD also.

 

HTH

4 REPLIES 4
Highlighted
VIP Advisor

Re: Need to bind IP address with user or MAC in AnyConnect

How is your AnyConnect user getting an IP address? You reserve the IP address and add it to the ACL instead of any (make sure you also add some internal LAN IP address and test; if not, you are going to lock down?)

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: Need to bind IP address with user or MAC in AnyConnect

Dear RJI, actually we have configured ISE, and in AD dial-up we have added the IP address.

We have fulfilled the static IP address requirement, but another user who is not configured with a static IP should not get an IP by DHCP. How can we achieve this?

Secondly, if we don't want to give a static IP in dial-up, what will be the other option? Suppose we use only ISE for authorization and create local users in ISE; will it be possible to give a static IP by ISE only?

Actually the number of users is high.

Thanks

Highlighted
RJI Advisor
Advisor

Re: Need to bind IP address with user or MAC in AnyConnect

Hi.

If DHCP is configured on the tunnel-group then the users that don't get a static IP address assigned dynamically should receive an IP address via DHCP.

 

If you want to use ISE you can use the RADIUS attribute-value pair "Framed-IP-Address" in an authorisation profile. E.g.

[Image: Untitled picture.png]

HTH
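
An added example, not part of the thread and not Cisco's code: when per-user static addresses from the AD "Dial In" tab are used in ACLs as suggested above, a duplicate or pool-overlapping assignment breaks the user-to-IP binding. This audit assumes an export of usernames with the `msRADIUSFramedIPAddress` attribute (which AD stores as a signed 32-bit integer); the records, subnet and dynamic range are constructed sample values.

```python
import ipaddress
from collections import defaultdict

def ad_int_to_ip(value):
    """Decode msRADIUSFramedIPAddress (signed 32-bit integer) to an IPv4 address."""
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)

def ip_to_ad_int(ip):
    """Encode a dotted-quad address the way AD stores it (negative above 127.255.255.255)."""
    n = int(ipaddress.IPv4Address(ip))
    return n - (1 << 32) if n >= (1 << 31) else n

def audit(records, vpn_net, dynamic_first, dynamic_last):
    """Return (problem, detail) tuples for static assignments that break the binding.

    records: iterable of (username, raw msRADIUSFramedIPAddress integer).
    dynamic_first/dynamic_last: range handed out to users without a static address.
    """
    net = ipaddress.ip_network(vpn_net)
    lo = ipaddress.IPv4Address(dynamic_first)
    hi = ipaddress.IPv4Address(dynamic_last)
    owners = defaultdict(list)
    findings = []
    for user, raw in records:
        ip = ad_int_to_ip(raw)
        owners[ip].append(user)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            findings.append(("outside-vpn-subnet", f"{user} -> {ip}"))
        elif lo <= ip <= hi:
            # A dynamic client could be leased this address and inherit the user's ACL.
            findings.append(("inside-dynamic-range", f"{user} -> {ip}"))
    for ip, users in sorted(owners.items()):
        if len(users) > 1:
            findings.append(("duplicate", f"{ip} shared by {', '.join(users)}"))
    return findings

# Constructed sample export (hypothetical users and addresses).
SAMPLE = [
    ("alice", ip_to_ad_int("192.168.50.10")),
    ("bob", ip_to_ad_int("192.168.50.11")),
    ("carol", ip_to_ad_int("192.168.50.10")),   # same address as alice
    ("dave", ip_to_ad_int("192.168.50.150")),   # overlaps the dynamic range
    ("erin", ip_to_ad_int("10.9.9.9")),         # not in the VPN subnet
]

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE, "192.168.50.0/24", "192.168.50.100", "192.168.50.200"):
        print(f"{kind}: {detail}")
```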