Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
1
Replies

Unable to assign separate local IP Pools to RA VPN users

miteshrm
Level 1
Level 1

‎06-24-2020 05:57 AM

Hello All,

 

I have created two tunnel groups each having its own local IP pool and group policy. IP Pool for Admin group is 10.100.100.0/24 and for Support group is 10.200.200.0/24

For authentication I have configured AAA server with radius attribute class (25) in authorization result. This assigns users a desired group policy.

I have disabled tunnel group list and using  defaultWebVPN  tunnel group (using AAA for authentication) as I don't want users to select any connection profile during login.

I facing only one issue in this setup. I am not able to assign IP address for users belonging to respective tunnel group.

Under defaultWebVPN, I have configured both address pools but IPs are being assigned from Admin pool only.

How can I achieve above requirement.

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎06-24-2020 06:37 AM

Hi,
Define the unique IP address pool under the group-policies not the tunnel-group.
Alternatively you could push the desired IP pool via RADIUS upon authorisation.

HTH
0 Helpful
Customers Also Viewed These Support Documents