Static IP for the VPN user

gauravshar · ‎04-01-2010

Hi There,

We are using the ASA5550 for the client VPN implementation with IAS as the authentication server (Windows AD user accounts). Now, if we wish to have a user connect to our VPN who is a vendor and does not need whole lot of abilities to browse on the network while on VPN. We were just thinking if we can somehow assign the user's machine a specific IP so that he will always get this same IP, and then we will be able to place restrictions/ACL on this IP to limitize the user to access just what he allowed to.

Kindly let me know if we can have any functionality where we can attach an IP with the user-id in ASA and/or MS-IAS. Awaiting your response!

Thanks and regards,

Gaurav

Federico Coto Fajardo · ‎04-01-2010

Hi,

If you create a separate group just for this user, you can authenticate him locally on the ASA and provide him with the same IP all the time.

Another option is to use a Radius attribute to assign the same IP address to the user always from a AAA server.

Federico.

Federico Coto Fajardo · ‎04-01-2010

Found the link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

Federico.