Solved

How to assign a Cisco PIX VPN user a static IP

Posted on 2011-10-07
Last Modified: 2012-05-12
Hi everyone,

Does anyone know if it is possible to make sure one VPN user always gets the same IP address?
We are using a PIX 515E.

Thanks!
Question by:WAMSINC
9 Comments
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 36931765
Yes, that is possible.
LVL 16

Expert Comment

by:Michael Ortega
ID: 36931768
If they are always using the same system, you can simply set up a DHCP reservation on whatever device is acting as the DHCP server. If it's the PIX, simply set up the reservation as a part of the VPN DHCP scope.

MO
LVL 16

Expert Comment

by:Michael Ortega
ID: 36931773
Another note is that if you're using a RADIUS server for authentication, you could assign the IP address based on the actual "user" account.

MO

Author Comment

by:WAMSINC
ID: 36931788
Thanks - this person will be using the same laptop and I have his MAC address - what is the command for that?

Author Comment

by:WAMSINC
ID: 36932058
I'm not seeing a command to create a DHCP reservation in the documentation. Is there a workaround?
LVL 16

Expert Comment

by:Michael Ortega
ID: 36932176
I just remembered that PIXs can't do DHCP reservations. ASAs can. You'll need to use your internal DHCP server (presumably a Windows Server running DHCP). You can set up DHCPRELAY on the Cisco PIX to relay DHCP traffic to your internal host.

dhcprelay server 10.10.10.10 inside
dhcprelay enable inside

MO

Author Comment

by:WAMSINC
ID: 36932496
OK, thanks - I set up a lease pool on a Windows server, but when I enter dhcprelay enable inside I get the following:

DHCP Relay cannot receive DHCP requests and forward them on the same interface.

Author Comment

by:WAMSINC
ID: 36933410
From what I can find, I think you meant to say "dhcprelay server 10.10.10.10. outside"

But it looks like there is a tunnel group set up to get a local IP address, and when I enable the dhcprelay I get the error "Secure VPN Connection terminated by Peer. Reason 433:(Reason Not Specified by Peer)"
LVL 16

Accepted Solution

by:
Michael Ortega earned 2000 total points
ID: 36934524
Try the other way around. Remove the dhcprelay entries you have thus far.

dhcprelay server 10.10.10.10 inside
dhcprelay enable outside

MO
Question has a verified solution.
