Assign static address to a VPN user (from IOS router)

Discussion in 'Cisco' started by jmarkotic, Oct 29, 2003.

  1. jmarkotic

    jmarkotic Guest

    Hi,
    I'm trying to assing a static ip address for a VPN user connecting with
    Cisco VPN client to an IOS router. With ip pools it works just fine.
    I tried configuration with and without radius but I just can't seem to find
    a way to assign static ip to a user. All examples I could find were with ip
    pools.

    Config without radius:
    aaa authentication login autentifikacija_korisnika group radius local
    aaa authorization network autorizacija_grupe local
    !
    crypto isakmp client configuration group mygroup
    key mykey
    dns 10.24.112.21
    domain xxxxxxxx.xx
    pool my_pool
    acl 199
    !
    crypto map klijentska_mapa client authentication list
    autentifikacija_korisnika
    crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
    crypto map klijentska_mapa client configuration address respond
    crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa

    With radius, when group and user are defined on radius server.
    Well, it's pretty much the same with user/group defined on server.

    cheers,
    jura
    jmarkotic, Oct 29, 2003
    #1
    1. Advertising

  2. "jmarkotic" <> wrote in message news:<bnpfgk$nl1$>...
    [no static addresses for vpn-user]

    Hi Jura,

    I have the same problem and have not found a way to do this yet.
    Fortunately we haven't so many user who need fixed ip addresses. For
    this user I use the work-around to configure separate groups with
    pools containig just one ip address.

    Norbert
    Norbert H. Kunth, Oct 30, 2003
    #2
    1. Advertising

  3. jmarkotic

    jmarkotic Guest

    Yes, that's exactly what I did, but I guess there is no some elegant way to
    assign static ip address. Most of our users need static ip address (because
    of some definition with printers), so router configuration looks rather
    funny.

    thanks,
    j

    "Norbert H. Kunth" <> wrote in message
    news:...
    > "jmarkotic" <> wrote in message

    news:<bnpfgk$nl1$>...
    > [no static addresses for vpn-user]
    >
    > Hi Jura,
    >
    > I have the same problem and have not found a way to do this yet.
    > Fortunately we haven't so many user who need fixed ip addresses. For
    > this user I use the work-around to configure separate groups with
    > pools containig just one ip address.
    >
    > Norbert
    jmarkotic, Oct 30, 2003
    #3
  4. create a second pool and a second group with only one address. the user
    will use the group "solopool" with a passkey of "mysolokey" with their
    standard username and password. they will always be assigned an address of
    "10.0.0.254"

    ip local pool solo_pool 10.0.0.254

    crypto isakmp client configuration group solopool
    key mysolokey
    dns 10.24.112.21
    domain xxxxxxxx.xx
    pool solo_pool
    acl 199

    Claude
    --



    *****to e-mail me directly remove NOSPAM in e-mail address*******

    "jmarkotic" <> wrote in message
    news:bnpfgk$nl1$...
    > Hi,
    > I'm trying to assing a static ip address for a VPN user connecting with
    > Cisco VPN client to an IOS router. With ip pools it works just fine.
    > I tried configuration with and without radius but I just can't seem to

    find
    > a way to assign static ip to a user. All examples I could find were with

    ip
    > pools.
    >
    > Config without radius:
    > aaa authentication login autentifikacija_korisnika group radius local
    > aaa authorization network autorizacija_grupe local
    > !
    > crypto isakmp client configuration group mygroup
    > key mykey
    > dns 10.24.112.21
    > domain xxxxxxxx.xx
    > pool my_pool
    > acl 199
    > !
    > crypto map klijentska_mapa client authentication list
    > autentifikacija_korisnika
    > crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
    > crypto map klijentska_mapa client configuration address respond
    > crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa
    >
    > With radius, when group and user are defined on radius server.
    > Well, it's pretty much the same with user/group defined on server.
    >
    > cheers,
    > jura
    >
    >
    Claude LeFort, Nov 4, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. hk
    Replies:
    0
    Views:
    1,938
  2. Mirek
    Replies:
    7
    Views:
    10,280
    Mirek
    Feb 18, 2004
  3. Andy G
    Replies:
    2
    Views:
    903
  4. Christian Neuner

    Assign static IPs to port of a managed switch

    Christian Neuner, Jun 24, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,039
    Walter Roberson
    Jun 24, 2005
  5. extremesanity
    Replies:
    1
    Views:
    1,197
    T-RoyNewBE
    Jul 25, 2011
Loading...

Share This Page