Cisco PIX 501 vpngroup user need to be assigned a static IP

Discussion in 'Cisco' started by a2d, Feb 5, 2007.

  1. a2d

    a2d Guest

    Can someone help me? I would like to configure the individual user to
    obtain a static IP via VPN, this is necessary so I can map to the
    local printers at the client machine.

    The internal network is using 192.168.0.x address, and the VPN IPs are
    assigned 10.11.11.x address, a DHCP for the VPN is setup from
    10.11.13.1-10.11.13.100, but i would like to assign this testuser
    account using 10.11.13.101 is this possible? Can someone enlighten
    me with the commands? Thanks much!

    access-list vpn_in permit ip 192.168.0.0 255.255.255.0 10.11.11.0
    255.255.255.0
    ip local pool vpnclient 10.11.11.1-10.11.11.100
    vpngroup testuser address-pool vpnclient
    vpngroup testuser split-tunnel vpn_in
    vpngroup testuser idle-time 1800
    vpngroup testuser password ********
     
    a2d, Feb 5, 2007
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    >Can someone help me? I would like to configure the individual user to
    >obtain a static IP via VPN, this is necessary so I can map to the
    >local printers at the client machine.


    Give them an address-pool that consists only of the one address.
    Note that this requires that they be in a distinct vpngroup.
    I don't believe there is any way to assign an IP address from RADIUS
    for example (and I have no clue whether that kind of thing becomes
    possible in PIX 7.x .)
     
    Walter Roberson, Feb 5, 2007
    #2
    1. Advertising

  3. a2d

    a2d Guest

    On Feb 5, 3:05 pm, (Walter Roberson) wrote:
    > In article <>,
    >
    > <> wrote:
    > >Can someone help me? I would like to configure the individual user to
    > >obtain a static IP via VPN, this is necessary so I can map to the
    > >local printers at the client machine.

    >
    > Give them an address-pool that consists only of the one address.
    > Note that this requires that they be in a distinct vpngroup.
    > I don't believe there is any way to assign an IP address from RADIUS
    > for example (and I have no clue whether that kind of thing becomes
    > possible in PIX 7.x .)


    Walter,

    Thank you so much for responding to my post; howeve, i am still unsure
    what I needed to do command wise.

    if i am using the config below, how do i assign a static IP for each
    user/group? in otherwords, how do i assign a specific IP address to
    be used for each VPN group?

    access-list vpn_in permit ip 192.168.0.0 255.255.255.0 10.11.11.0
    255.255.255.0
    ip local pool vpnclient 10.11.11.1-10.11.11.100
    vpngroup testuser address-pool vpnclient
    vpngroup testuser split-tunnel vpn_in
    vpngroup testuser idle-time 1800
    vpngroup testuser password ********
    vpngroup testuser2 address-pool vpnclient
    vpngroup testuser2 split-tunnel vpn_in
    vpngroup testuser2 idle-time 1800
    vpngroup testuser2 password ********
     
    a2d, Feb 9, 2007
    #3
  4. a2d

    a2d Guest

    Please ignore, i got it figured out. Thanks so much for the tip!

    On Feb 9, 12:25 am, wrote:
    > On Feb 5, 3:05 pm, (Walter Roberson) wrote:
    >
    > > In article <>,

    >
    > > <> wrote:
    > > >Can someone help me? I would like to configure the individual user to
    > > >obtain a static IP via VPN, this is necessary so I can map to the
    > > >local printers at the client machine.

    >
    > > Give them an address-pool that consists only of the one address.
    > > Note that this requires that they be in a distinct vpngroup.
    > > I don't believe there is any way to assign an IP address from RADIUS
    > > for example (and I have no clue whether that kind of thing becomes
    > > possible in PIX 7.x .)

    >
    > Walter,
    >
    > Thank you so much for responding to my post; howeve, i am still unsure
    > what I needed to do command wise.
    >
    > if i am using the config below, how do i assign a static IP for each
    > user/group? in otherwords, how do i assign a specific IP address to
    > be used for each VPN group?
    >
    > access-list vpn_in permit ip 192.168.0.0 255.255.255.0 10.11.11.0
    > 255.255.255.0
    > ip local pool vpnclient 10.11.11.1-10.11.11.100
    > vpngroup testuser address-pool vpnclient
    > vpngroup testuser split-tunnel vpn_in
    > vpngroup testuser idle-time 1800
    > vpngroup testuser password ********
    > vpngroup testuser2 address-pool vpnclient
    > vpngroup testuser2 split-tunnel vpn_in
    > vpngroup testuser2 idle-time 1800
    > vpngroup testuser2 password ********
     
    a2d, Feb 9, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Edwin Dicker

    pix vpngroup no access to dmz

    Edwin Dicker, Feb 15, 2005, in forum: Cisco
    Replies:
    0
    Views:
    437
    Edwin Dicker
    Feb 15, 2005
  2. Replies:
    0
    Views:
    487
  3. Replies:
    6
    Views:
    818
  4. AM
    Replies:
    3
    Views:
    653
    2948g-l3 , BVI
    Feb 10, 2006
  5. saxophobe
    Replies:
    2
    Views:
    419
    Trendkill
    Sep 19, 2007
Loading...

Share This Page