09-14-2012 04:55 PM
We are using Anyconnect vpn client (v2.5.3055) to an ASA 5520 (v8.4) in a development environment. We use our corporate Radius server to authenticate users. We have certain users which need have the same IP address everytime they login. As it is configured now, the IP addresses are assigned sequentially from the pool. Is there a way to allow certain users to get the same IP address each time they logon? Thanks.
09-14-2012 05:07 PM
Yes, you can use the radius server to assign a specific ip address to the vpn users.
here is the configuration guide on the ASA:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpnadd.html#wp999685
You would need to make sure that the specific IP is not part of the vpn pool, otherwise 2 users might have the same IP.
09-14-2012 05:37 PM
Hi,
The problem is I don't have admin access to the corp Radius server. Any way to do it on the ASA?
09-14-2012 06:58 PM
Yes, you can do it on the ASA, however, you would need to authenticate to the ASA local database instead of Radius.
Here is a sample configuration for your reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
The command is vpn-framed-ip-address
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide