Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Assign static address to a VPN user (from IOS router)

Reply
Thread Tools

Assign static address to a VPN user (from IOS router)

 
 
jmarkotic
Guest
Posts: n/a
 
      10-29-2003
Hi,
I'm trying to assing a static ip address for a VPN user connecting with
Cisco VPN client to an IOS router. With ip pools it works just fine.
I tried configuration with and without radius but I just can't seem to find
a way to assign static ip to a user. All examples I could find were with ip
pools.

Config without radius:
aaa authentication login autentifikacija_korisnika group radius local
aaa authorization network autorizacija_grupe local
!
crypto isakmp client configuration group mygroup
key mykey
dns 10.24.112.21
domain xxxxxxxx.xx
pool my_pool
acl 199
!
crypto map klijentska_mapa client authentication list
autentifikacija_korisnika
crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
crypto map klijentska_mapa client configuration address respond
crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa

With radius, when group and user are defined on radius server.
Well, it's pretty much the same with user/group defined on server.

cheers,
jura


 
Reply With Quote
 
 
 
 
Norbert H. Kunth
Guest
Posts: n/a
 
      10-30-2003
"jmarkotic" <(E-Mail Removed)> wrote in message news:<bnpfgk$nl1$(E-Mail Removed)>...
[no static addresses for vpn-user]

Hi Jura,

I have the same problem and have not found a way to do this yet.
Fortunately we haven't so many user who need fixed ip addresses. For
this user I use the work-around to configure separate groups with
pools containig just one ip address.

Norbert
 
Reply With Quote
 
 
 
 
jmarkotic
Guest
Posts: n/a
 
      10-30-2003
Yes, that's exactly what I did, but I guess there is no some elegant way to
assign static ip address. Most of our users need static ip address (because
of some definition with printers), so router configuration looks rather
funny.

thanks,
j

"Norbert H. Kunth" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> "jmarkotic" <(E-Mail Removed)> wrote in message

news:<bnpfgk$nl1$(E-Mail Removed)>...
> [no static addresses for vpn-user]
>
> Hi Jura,
>
> I have the same problem and have not found a way to do this yet.
> Fortunately we haven't so many user who need fixed ip addresses. For
> this user I use the work-around to configure separate groups with
> pools containig just one ip address.
>
> Norbert



 
Reply With Quote
 
Claude LeFort
Guest
Posts: n/a
 
      11-04-2003
create a second pool and a second group with only one address. the user
will use the group "solopool" with a passkey of "mysolokey" with their
standard username and password. they will always be assigned an address of
"10.0.0.254"

ip local pool solo_pool 10.0.0.254

crypto isakmp client configuration group solopool
key mysolokey
dns 10.24.112.21
domain xxxxxxxx.xx
pool solo_pool
acl 199

Claude
--



*****to e-mail me directly remove NOSPAM in e-mail address*******

"jmarkotic" <(E-Mail Removed)> wrote in message
news:bnpfgk$nl1$(E-Mail Removed)...
> Hi,
> I'm trying to assing a static ip address for a VPN user connecting with
> Cisco VPN client to an IOS router. With ip pools it works just fine.
> I tried configuration with and without radius but I just can't seem to

find
> a way to assign static ip to a user. All examples I could find were with

ip
> pools.
>
> Config without radius:
> aaa authentication login autentifikacija_korisnika group radius local
> aaa authorization network autorizacija_grupe local
> !
> crypto isakmp client configuration group mygroup
> key mykey
> dns 10.24.112.21
> domain xxxxxxxx.xx
> pool my_pool
> acl 199
> !
> crypto map klijentska_mapa client authentication list
> autentifikacija_korisnika
> crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
> crypto map klijentska_mapa client configuration address respond
> crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa
>
> With radius, when group and user are defined on radius server.
> Well, it's pretty much the same with user/group defined on server.
>
> cheers,
> jura
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
instructions on how to perform an IOS upgrade on a Catalyst 6500 switch (IOS to IOS) Mike Rahl Cisco 1 05-30-2007 05:22 PM
VPN - Cisco IOS <-> VPN Client - problem Jarosław Skórka Cisco 1 02-01-2005 11:32 AM
how to assign a DSL user a static ip using pppoe and a 3640 router? Andy G Cisco 2 07-24-2004 08:13 AM
IOS to IOS VPN Problem Evan Mann Cisco 0 02-11-2004 04:42 PM
Building VPN's: Static/Dynamic//IOS/PIX/Cisco VPN Client/ all at the same time hk Cisco 0 11-25-2003 02:47 AM



Advertisments