Just thinking out loud Can you not assign the IP address to the AD user under the dial-in tab and then this gets passed to the Asa as part of the auth ?
Dave On 31.01.2013, at 17:53, "Bruno Silva" <[email protected]<mailto:[email protected]>> wrote: Well, I cannot use local database authentication and that's where I'm stucked at. It's not practical to have all the users from the Domain created manually in the ACS so this is not something I can do. I was wondering if it's possible to user any Radius AV-Pair in order to extract the ip address information from the Active-directory server somehow but I have never seen it. Does anyone have an idea? 2013/1/31 Adil Pasha <[email protected]<mailto:[email protected]>> Guys, This is a pretty cool topic. Just wondering is this part of v4? Still trying to grasp v4 topics. Best Regards. ______________________ Adil On Jan 31, 2013, at 9:42 AM, Kevin Sheahan <[email protected]<mailto:[email protected]>> wrote: Hi Bruno, Are you able to authenticate via local database? If so, you can use user attributes to assign the ip address on RA-VPN. username <userid> attributes vpn-framed-ip-address <ip address> <subnet mask> Hope I was helpful. -Kevin Sheahan On Thu, Jan 31, 2013 at 6:58 AM, Bruno Silva <[email protected]<mailto:[email protected]>> wrote: Hi guys, I hoppe you all can help me to find out a thing that's been a pain here. I'm using dinamic user mapping from active-directory to ACS and there are some specific users that must have a static ip address assigned to their profile after connecting to the VPN, ok, we can do that on ACS staticly after the user connect to the VPN because the username mapping is made and then we assign a static ip address to it but this is been a pain because ever since we have to do any change to the ACS server, the dynamic mapping is gone and then we have to rebuild this manually. I was wondering if there's anyway of doing a static ip assignment to a dynamic user mapping. First I though on doing this with radius but I could not find any option that allow me to do it so...Can anyone help me with that? thank you very much! -- Bruno Silva Network Consultant Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified Arcsight Professional Certified - ACIA/ACSA _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com/> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.platinumplacement.com/> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.PlatinumPlacement.com> -- Bruno Silva Network Consultant Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified Arcsight Professional Certified - ACIA/ACSA _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.PlatinumPlacement.com> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
