Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Assign static address to a VPN user (from IOS router) (http://www.velocityreviews.com/forums/t29840-assign-static-address-to-a-vpn-user-from-ios-router.html)

jmarkotic 10-29-2003 10:39 PM

Assign static address to a VPN user (from IOS router)
 
Hi,
I'm trying to assing a static ip address for a VPN user connecting with
Cisco VPN client to an IOS router. With ip pools it works just fine.
I tried configuration with and without radius but I just can't seem to find
a way to assign static ip to a user. All examples I could find were with ip
pools.

Config without radius:
aaa authentication login autentifikacija_korisnika group radius local
aaa authorization network autorizacija_grupe local
!
crypto isakmp client configuration group mygroup
key mykey
dns 10.24.112.21
domain xxxxxxxx.xx
pool my_pool
acl 199
!
crypto map klijentska_mapa client authentication list
autentifikacija_korisnika
crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
crypto map klijentska_mapa client configuration address respond
crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa

With radius, when group and user are defined on radius server.
Well, it's pretty much the same with user/group defined on server.

cheers,
jura



Norbert H. Kunth 10-30-2003 09:13 AM

Re: Assign static address to a VPN user (from IOS router)
 
"jmarkotic" <jmarkotic@hotmail.com> wrote in message news:<bnpfgk$nl1$1@ls219.htnet.hr>...
[no static addresses for vpn-user]

Hi Jura,

I have the same problem and have not found a way to do this yet.
Fortunately we haven't so many user who need fixed ip addresses. For
this user I use the work-around to configure separate groups with
pools containig just one ip address.

Norbert

jmarkotic 10-30-2003 04:46 PM

Re: Assign static address to a VPN user (from IOS router)
 
Yes, that's exactly what I did, but I guess there is no some elegant way to
assign static ip address. Most of our users need static ip address (because
of some definition with printers), so router configuration looks rather
funny.

thanks,
j

"Norbert H. Kunth" <norbert.kunth@rzleipzig.de> wrote in message
news:e8b5221f.0310300113.1a4323e4@posting.google.c om...
> "jmarkotic" <jmarkotic@hotmail.com> wrote in message

news:<bnpfgk$nl1$1@ls219.htnet.hr>...
> [no static addresses for vpn-user]
>
> Hi Jura,
>
> I have the same problem and have not found a way to do this yet.
> Fortunately we haven't so many user who need fixed ip addresses. For
> this user I use the work-around to configure separate groups with
> pools containig just one ip address.
>
> Norbert




Claude LeFort 11-04-2003 12:24 AM

Re: Assign static address to a VPN user (from IOS router)
 
create a second pool and a second group with only one address. the user
will use the group "solopool" with a passkey of "mysolokey" with their
standard username and password. they will always be assigned an address of
"10.0.0.254"

ip local pool solo_pool 10.0.0.254

crypto isakmp client configuration group solopool
key mysolokey
dns 10.24.112.21
domain xxxxxxxx.xx
pool solo_pool
acl 199

Claude
--



*****to e-mail me directly remove NOSPAM in e-mail address*******

"jmarkotic" <jmarkotic@hotmail.com> wrote in message
news:bnpfgk$nl1$1@ls219.htnet.hr...
> Hi,
> I'm trying to assing a static ip address for a VPN user connecting with
> Cisco VPN client to an IOS router. With ip pools it works just fine.
> I tried configuration with and without radius but I just can't seem to

find
> a way to assign static ip to a user. All examples I could find were with

ip
> pools.
>
> Config without radius:
> aaa authentication login autentifikacija_korisnika group radius local
> aaa authorization network autorizacija_grupe local
> !
> crypto isakmp client configuration group mygroup
> key mykey
> dns 10.24.112.21
> domain xxxxxxxx.xx
> pool my_pool
> acl 199
> !
> crypto map klijentska_mapa client authentication list
> autentifikacija_korisnika
> crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
> crypto map klijentska_mapa client configuration address respond
> crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa
>
> With radius, when group and user are defined on radius server.
> Well, it's pretty much the same with user/group defined on server.
>
> cheers,
> jura
>
>





All times are GMT. The time now is 01:07 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.