Solved

Cisco ASA DCHP Reservations

Posted on 2009-04-15
3
834 Views
Last Modified: 2013-11-05
I have a Cisco ASA 5510 configured for VPN access.  I've created and assigned an IP Address pool for VPN connections on the ASA device.  One of our applications that is accessed through the VPN has a builtin security feature that only allows access from preconfigured IP addresses. Is there a way to create DHCP reservations for the VPN connections on the ASA Device?
Note: User Accounts exist in Active Directory and will authenticate via LDAP. Using Local accounts is not considered an option at this point.
0
Comment
Question by:vikashdaya
  • 2
3 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24147251
Not without using local accounts.

What you can do however is create a separate VPN group (connection profile) and assign a different pool of addresses to be used for this application.  Only the users that need access to the application will use the new group and get an IP address that is allowed to access the application.
0
 

Author Comment

by:vikashdaya
ID: 24147446
I did think of that... however, the problem is the application locks down to IP address and Machine Name so the user has to get the same IP each time they connect.  Having a seperate IP Pool won't guarantee that they get the same IP each time.
I'm trying to work out if the VPN connections are able to get IP address assignments from Windows 2003 DHCP and AD User Properties (Dial-in tab has options to allocate IP to a user).  If anyone has links to how this can be done, please post them on this thread.
Thanks
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24147639
Kind of a kludge but you could create a VPN group per user if you only have a handful of users that access this application.

I know you can use a RADIUS attribute to assign an IP address so that is something to look into.  Perhaps IAS can provide this functionality.

As far as DHCP is concerned, you can tell the ASA to use a DHCP server instead of a local pool and create a reservation specifying the computers MAC address.  This might be the simplest option.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Generate HTML report about DHCP server 2003 1 45
Server 2008 to 2016 Essentials migration problem 6 112
Setting up L2TP/IPsec in RRAS 5 41
Problems with DHCP Reservation 11 27
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question