Hi all It seems the order of precedence for IP address assignments for ASA and IOS.
Snippet from http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_srvr_ps6441_TSD_Products_Configuration_Guide_Chapter.html Configuring an Easy VPN Server to Obtain an IP Address from a DHCP Server When the Easy VPN server selects the method for address assignment, it does so in the following order of precedence: *1. *Selects the Framed IP address *2. *Uses the IP address from the authentication server (group/user) *3. *Uses the global IKE address pools *4. *Uses DHCP Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpnadd.html Configuring an IP Address Assignment Method The security appliance can use one or more of the following methods for assigning IP addresses to remote access clients. If you configure more than one address assignment method, the security appliance searches each of the options until it finds an IP address. By default, all methods are enabled. To view the current configuration, enter the *show running-config all vpn-addr-assign *command. •aaa*—*Retrieves addresses from an external authentication server on a per-user basis. If you are using an authentication server that has IP addresses configured, we recommend using this method. •dhcp*—*Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a DHCP server. You must also define the range of IP addresses that the DHCP server can use. •*local**—*Use an internal address pool. Internally configured address pools are the easiest method of address pool assignment to configure. If you choose local, you must also use the *ip-local-pool* command to define the range of IP addresses to use. To specify a method for assigning IP addresses to remote access clients, enter the vpn-addr-assign command in global configuration mode. The syntax is vpn-addr-assign {aaa | dhcp | local}. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
