08-03-2002 06:45 AM - edited 02-21-2020 11:58 AM
We have a VPN Concentrator which is configured to authenticate against a CiscoSecure ACS server. Certain users are assigned static IP addresses, as defined in CSACS, as this works seamlessly for Cisco VPN 3.x users or direct dial-up users (who log in to a NAS which authenticates against the same CSACS database).
There is a requirement to use a PIX (or an IOS FW+VPN) in another part of our network (The IOS router will require 12.2(8)T to support the Cisco VPN 3.x client). Will the PIX/IOS router recognise the static IP addresses, as defined in CSACS, and issue them to clients, or are client IP addresses always allocated from the pool defined locally on the PIX/IOS router?
08-05-2002 05:24 PM
I just tested this on a router, and I believe the PIX will work the same way.
If you send down a static IP address from the ACS server, it overrides the local pool defined on the router, and the user gets assigned that static IP address. So do it just the same as how you've done it for the VPN3000 users and you should be fine.
08-30-2002 07:38 AM
I couldn't get it to work with the router IOS 12.2.8T. The address was always assigned out of the pool defined in the router. Could you help by providing some specific details?
Thanks
09-01-2002 10:18 PM
Actually I must apologize for this. What I tested initially was PPP connections to the router, not VPN. What I originally said still stands for PPP connections but not for VPN. With VPN connections the IP address must be assigned out of a local pool. In fact if you don't configure one on the router the VPN client won't connect at all.
Again, my apologies for misreading your original question.