Assign static address to a VPN user (from IOS router)

Discussion in 'Cisco' started by jmarkotic, Oct 29, 2003.

  1. jmarkotic

    jmarkotic Guest

    I'm trying to assing a static ip address for a VPN user connecting with
    Cisco VPN client to an IOS router. With ip pools it works just fine.
    I tried configuration with and without radius but I just can't seem to find
    a way to assign static ip to a user. All examples I could find were with ip

    Config without radius:
    aaa authentication login autentifikacija_korisnika group radius local
    aaa authorization network autorizacija_grupe local
    crypto isakmp client configuration group mygroup
    key mykey
    domain xxxxxxxx.xx
    pool my_pool
    acl 199
    crypto map klijentska_mapa client authentication list
    crypto map klijentska_mapa isakmp authorization list autorizacija_grupe
    crypto map klijentska_mapa client configuration address respond
    crypto map klijentska_mapa 10 ipsec-isakmp dynamic dinamicka_mapa

    With radius, when group and user are defined on radius server.
    Well, it's pretty much the same with user/group defined on server.

    jmarkotic, Oct 29, 2003
    1. Advertisements

  2. [no static addresses for vpn-user]

    Hi Jura,

    I have the same problem and have not found a way to do this yet.
    Fortunately we haven't so many user who need fixed ip addresses. For
    this user I use the work-around to configure separate groups with
    pools containig just one ip address.

    Norbert H. Kunth, Oct 30, 2003
    1. Advertisements

  3. jmarkotic

    jmarkotic Guest

    Yes, that's exactly what I did, but I guess there is no some elegant way to
    assign static ip address. Most of our users need static ip address (because
    of some definition with printers), so router configuration looks rather


    jmarkotic, Oct 30, 2003
  4. create a second pool and a second group with only one address. the user
    will use the group "solopool" with a passkey of "mysolokey" with their
    standard username and password. they will always be assigned an address of

    ip local pool solo_pool

    crypto isakmp client configuration group solopool
    key mysolokey
    domain xxxxxxxx.xx
    pool solo_pool
    acl 199

    Claude LeFort, Nov 4, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.