Solved

Remote access VPN  with IP address reservation

Posted on 2009-07-02
5
1,769 Views
Last Modified: 2012-05-07
Hello,

I'm trying to make Remote VPN user access with AD authentication and IP address reservation using Cisco ASA 5505 (ver 8.0.2).
AD authentication works fine with reconfiguration on AD servers ( IAS,RAS  service etc), but IP address reservation won't work. IP address reservation is done on DHCP servers (WIN2003) and important  because of the access  to perimeter networks through firewalls no matter if user is in the company or not.

This is what I already tried:
1. I routed VPN remote users to dhcp server (bellow):
...
tunnel-group RADIUS type remote-access
tunnel-group RADIUS general-attributes
 authentication-server-group RADIUS
 default-group-policy RADIUS
 dhcp-server 10.196.6.50
tunnel-group RADIUS ipsec-attributes
 pre-shared-key *
...
and user obtain an IP address from DHCP pool but not the one that I reserved for ?!
I tried with MAC address of machine and with PPP physical address but the same thing happens 'it doesn't see ' the reservation.

2.the other thing is to configure static IP address for Dial-in users on AD:
User->Properties ->Dial-In->Assign a static IP address ..
In this case I obtain the willing address but I have problem with routing:
Incorrect def.gtw (10.0.0.1) and subnet mask (/8)

I don't see what else I can do ..any suggestions ?
Thanks
0
Comment
Question by:minicom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24765089
Create a separate remote access group and use an IP pool on the ASA to assign the address instead of DHCP.
0
 

Author Comment

by:minicom
ID: 24770581
Did  you mean IP pool with one IP address for every user?  That means about 30-40 separate IP pools, not practical...
Im trying  to supply users laptops with the same IP address no matter if they are in LAN or if  they access remotely. Thats because the users would  have the same access privilege to perimeter networks in both cases - thats why I consider DHCP like option.
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 24772007
Sorry, but Cisco says using a VPN pool is the way to assign static IP addresses to VPN clients.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
0
 
LVL 28

Expert Comment

by:asavener
ID: 24772022
Actually, they used local user authentication and assigned an IP address to the user.
0
 

Author Comment

by:minicom
ID: 24793694
I concluded that DHCP reservation won't work in combination with RAS VPN according to current situation. So I accept the suggested solution above.
Thank you.
0

Featured Post

Webinar: MongoDB® Index Types

Join Percona’s Senior Technical Services Engineer, Adamo Tonete as he presents “MongoDB Index Types, How, When and Where Should They be Used?” on Wednesday, July 12, 2017 at 11:00 am PDT / 2:00 pm EDT (UTC-7).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question