Cisco ASA 5505 Configuration Manual page 1754
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Configuring an External LDAP Server
Enforcing Static IP Address Assignment for AnyConnect Tunnels
In this case we configure the AnyConnect client user Web1 to receive a static IP Address. We enter the
address in the Assign Static IP Address field of the Dialin tab on the AD LDAP server. This field uses
the msRADIUSFramedIPAddress attribute. We create an attribute map that maps it to the Cisco attribute
IETF-Radius-Framed-IP-Address.
During authentication, the adaptive security appliance retrieves the value of
msRADIUSFramedIPAddress from the server, maps the value to the Cisco attribute
IETF-Radius-Framed-IP-Address, and provides the static address to User1 .
This case applies to full-tunnel clients, including the IPSec client and the SSL VPN clients (AnyConnect
client 2.x and the legacy SSL VPN client).
Configure the user attributes on the AD LDAP server.
Step 1
Right-click on the user name. The Properties window displays
Assign Static IP Address, and enter an IP address. For this case we use 3.3.3.233.
Figure B-6
Create an attribute map for the LDAP configuration shown in
Step 2
In this case we map the AD attribute msRADIUSFrameIPAddress used by the Static Address field to the
Cisco attribute IETF-Radius-Framed-IP-Address.
For example:
hostname(config)# ldap attribute-map static_address
hostname(config-ldap-attribute-map)# map-name msRADIUSFrameIPAddress
IETF-Radius-Framed-IP-Address
Cisco ASA 5500 Series Configuration Guide using ASDM
B-22
Appendix B
Assign Static IP Address
Configuring an External Server for Authorization and Authentication
(Figure
B-6). Click the Dialin tab, check
Step
1.
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
