Remote access VPN with IP address reservation
Posted on 2009-07-02
I'm trying to set up remote VPN user access with AD authentication and IP address reservation using a Cisco ASA 5505 (ver 8.0.2).
AD authentication works fine with reconfiguration on AD servers (IAS, RAS service, etc.), but IP address reservation won't work. IP address reservation is done on DHCP servers (WIN2003) and is important because of the access to perimeter networks through firewalls, no matter if the user is in the company or not.
This is what I already tried:
1. I routed VPN remote users to the DHCP server (below):
tunnel-group RADIUS type remote-access
tunnel-group RADIUS general-attributes
tunnel-group RADIUS ipsec-attributes
and the user obtains an IP address from the DHCP pool, but not the one that I reserved?!
I tried with the MAC address of the machine and with the PPP physical address, but the same thing happens: it "doesn't see" the reservation.
2. The other thing is to configure a static IP address for dial-in users on AD:
User -> Properties -> Dial-In -> Assign a static IP address
In this case I obtain the desired address, but I have a problem with routing:
Incorrect default gateway (10.0.0.1) and subnet mask (/8)
I don't see what else I can do. Any suggestions?