Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
1
Replies

VPN IP address assignment

jms112080
Level 1
Level 1

‎01-31-2007 12:41 PM - edited ‎02-21-2020 02:50 PM

I'm currently using an ASA 5520 running 7.2 for my VPN. We have it configured to verify the machine certificate and then pass user authentication to a microsoft IAS. It works fine, but everyone currently gets an IP from the same pool of address on my DHCP server.

If possible I would like to be able to seperate certain Active Directory groups and have them be on different subnets.

Does anyone know how to configure IAS to do the address assignment or is it possible with configuration on the ASA?

Labels:
0 Helpful
1 Reply 1

swharvey
Level 3
Level 3

‎02-01-2007 02:57 PM

I don't know if/how your request can be done to a microsoft IAS, but I have been able to successfully configure Cisco's ACS 4.0 RADIUS server to tie into Windows 2003 AD, and based on User group settings on the ACS server, authenticate and allocate dhcp addresses from different pools.

This provides us the flexibility to have a centralized windows authentication method, and a corresponding dhcp pool each of the equivalent AD groups that are settup on the Radius server.

Now if I could just get the ACS "Downloadable ACL's" to apply to authenticated users I'd be one happy cisco user!

Hope this helps.

-Scott

0 Helpful
Customers Also Viewed These Support Documents