Hey experts, I wonder if any of you have done this before: I want to use Cisco ASA's AAA feature to perform an LDAP query into Active Directory to authenticate SSL VPN clients, AnyConnect Essentials clients, to be exact. That part is easy enough.
Can I also set a DHCP reservation in Active Directory so that I can force connecting clients to always get the same IP address? Can we push that out in an LDAP query? I won't have the MAC address of clients, mind you, and the DCs wouldn't see that information anyway. If I can't do it using LDAP, can I do it using built-in ISA RADIUS and MS Cert Svcs?
Bear in mind, I'm setting up a separate domain just for this auth; I can set it up with Server 2003 or 2008, and I don't have to worry about interoperability with any other application or other function of Windows Server: no Exchange, no local clients, no SQL, no nothing.
But dynamic DNS and hostname resolution are not an option; queries to these connected hosts are going to be made using IP address, no way around it. --TX
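As an added illustration of the setup the post describes (this is not the poster's configuration and not Cisco documentation), the following ASA fragment does LDAP authentication against a dedicated AD domain and uses an LDAP attribute map so that the per-user static address stored in AD is handed to the ASA as the tunnel's Framed-IP-Address. The address is therefore assigned by the ASA at connect time, not by a DHCP reservation, so no MAC address is involved. The server-group name, interface name, DC address, base DN, bind account, tunnel-group and group-policy names are placeholders for a lab domain, and the attribute map assumes the user's address was entered on the AD account's Dial-in tab ("Assign a Static IP Address"), which AD stores in msRADIUSFramedIPAddress.

```cisco
! Added example for the scenario in the post above; not the poster's config.
! All names, IPs and DNs below are placeholders for a dedicated auth domain.
!
! 1. Attribute map: hand the AD per-user static address to the ASA as the
!    IETF Framed-IP-Address, which overrides the pool for that user.
ldap attribute-map AD-VPN-MAP
  map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
! 2. LDAP server group pointing at the auth domain's DC. LDAPS keeps the
!    bind credentials and user passwords off the wire in clear; the DC needs
!    a certificate (e.g. from the MS Cert Svcs the post mentions).
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.0.0.10
  server-port 636
  ldap-over-ssl enable
  ldap-base-dn DC=vpnauth,DC=local
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-dn CN=asa-bind,CN=Users,DC=vpnauth,DC=local
  ldap-login-password <bind-password>
  server-type microsoft
  ldap-attribute-map AD-VPN-MAP
!
! 3. The AnyConnect tunnel group authenticates against that server group.
tunnel-group SSLVPN general-attributes
  authentication-server-group AD-LDAP
  default-group-policy SSLVPN-POLICY
```

To check that the mapping is actually applied, run `debug ldap 255` during a test logon and confirm the mapped attribute appears in the returned attribute list, then verify the assigned address with `show vpn-sessiondb anyconnect`. Make sure the addresses entered in AD do not overlap the ordinary VPN address pool, since the per-user address is taken as-is and is not deconflicted against pool leases.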