minicom
Remote access VPN with IP address reservation
Hello,
I'm trying to make Remote VPN user access with AD authentication and IP address reservation using Cisco ASA 5505 (ver 8.0.2).
AD authentication works fine with reconfiguration on AD servers (IAS, RAS service, etc.), but IP address reservation won't work. IP address reservation is done on DHCP servers (WIN2003) and is important because of the access to perimeter networks through firewalls, no matter if the user is in the company or not.
This is what I already tried:
1. I routed VPN remote users to the DHCP server (below):
...
tunnel-group RADIUS type remote-access
tunnel-group RADIUS general-attributes
authentication-server-group RADIUS
default-group-policy RADIUS
dhcp-server 10.196.6.50
tunnel-group RADIUS ipsec-attributes
pre-shared-key *
...
and the user obtains an IP address from the DHCP pool, but not the one that I reserved?!
I tried with the MAC address of the machine and with the PPP physical address, but the same thing happens: it 'doesn't see' the reservation.
2. The other thing is to configure a static IP address for dial-in users in AD:
User -> Properties -> Dial-In -> Assign a static IP address
In this case I obtain the desired address, but I have a problem with routing:
Incorrect default gateway (10.0.0.1) and subnet mask (/8)
I don't see what else I can do. Any suggestions?
Thanks
Create a separate remote access group and use an IP pool on the ASA to assign the address instead of DHCP.
ASKER
Did you mean an IP pool with one IP address for every user? That means about 30-40 separate IP pools, not practical...
I'm trying to supply users' laptops with the same IP address no matter if they are in the LAN or if they access remotely. That's because the users would have the same access privilege to perimeter networks in both cases - that's why I consider DHCP as an option.
Actually, they used local user authentication and assigned an IP address to the user.
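What the comment above describes (local user authentication with a fixed address per user), as an added example that is not part of the original thread. The pool name, user name and 192.0.2.x addresses are constructed placeholders; only the tunnel-group name and DHCP server address come from the question.

```cisco
! Added example, not from the thread. VPNPOOL, jdoe and all
! 192.0.2.x addresses are constructed placeholders.
!
! Fallback pool for users that have no fixed address of their own.
ip local pool VPNPOOL 192.0.2.100-192.0.2.150 mask 255.255.255.0
!
! Allowed address sources: the user's AAA record and the local pool.
! DHCP is switched off as a source for VPN clients.
vpn-addr-assign aaa
vpn-addr-assign local
no vpn-addr-assign dhcp
!
tunnel-group RADIUS general-attributes
 authentication-server-group LOCAL
 address-pool VPNPOOL
 no dhcp-server 10.196.6.50
!
! One record per user: the address and its mask are set together,
! so the client does not fall back to a classful mask.
! The fixed address is kept outside the pool range to avoid overlap.
username jdoe password <placeholder>
username jdoe attributes
 vpn-framed-ip-address 192.0.2.21 255.255.255.0
```

After the user connects, `show vpn-sessiondb remote` lists the assigned address, which can be compared against the address the firewall rules expect.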
ASKER
I concluded that DHCP reservation won't work in combination with RAS VPN according to current situation. So I accept the suggested solution above.
Thank you.