Bruno,

Why don't you setup LDAP authentication on ASA instead of RADIUS? Then you can use almost any attribute from AD. I've never tried this with IP address but I think it may work.

example:

ldap attribute-map MAP
 map-name  Some-AD-Attrib IETF-Radius-Framed-IP-Address

and so on...

Regards,
Piotr


On 1/31/13 5:37 PM, Bruno Silva wrote:
Well, I cannot use local database authentication and that's where I'm stucked at.

It's not practical to have all the users from the Domain created manually in the ACS so this is not something I can do. I was wondering if it's possible to user any Radius AV-Pair in order to extract the ip address information from the Active-directory server somehow but I have never seen it.

Does anyone have an idea?

2013/1/31 Adil Pasha <[email protected] <mailto:[email protected]>>

    Guys,
    This is a pretty cool topic. Just wondering is this part of v4?
    Still trying to grasp v4 topics.


    Best Regards.
    ______________________
    Adil

    On Jan 31, 2013, at 9:42 AM, Kevin Sheahan <[email protected]
    <mailto:[email protected]>> wrote:

    Hi Bruno,

    Are you able to authenticate via local database? If so, you can
    use user attributes to assign the ip address on RA-VPN.

    username <userid> attributes
    vpn-framed-ip-address <ip address> <subnet mask>

    Hope I was helpful.

    -Kevin Sheahan


    On Thu, Jan 31, 2013 at 6:58 AM, Bruno Silva
    <[email protected] <mailto:[email protected]>> wrote:

        Hi guys,

        I hoppe you all can help me to find out a thing that's been a
        pain here. I'm using dinamic user mapping from
        active-directory to ACS and there are some specific users
        that must have a static ip address assigned to their profile
        after connecting to the VPN, ok, we can do that on ACS
        staticly after the user connect to the VPN because the
        username mapping is made and then we assign a static ip
        address to it but this is been a pain because ever since we
        have to  do any change to the ACS server, the dynamic mapping
        is gone and then we have to rebuild this manually.

        I was wondering if there's anyway of doing a static ip
        assignment to a dynamic user mapping. First I though on doing
        this with radius but I could not find any option that allow
        me to do it so...Can anyone help me with that?

        thank you very much!

-- Bruno Silva
        Network Consultant
        Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
        Arcsight Professional Certified - ACIA/ACSA

        _______________________________________________
        For more information regarding industry leading CCIE Lab
        training, please visit www.ipexpert.com
        <http://www.ipexpert.com/>

        Are you a CCNP or CCIE and looking for a job? Check out
        www.PlatinumPlacement.com <http://www.platinumplacement.com/>


    _______________________________________________
    For more information regarding industry leading CCIE Lab
    training, please visit www.ipexpert.com <http://www.ipexpert.com>

    Are you a CCNP or CCIE and looking for a job? Check out
    www.PlatinumPlacement.com <http://www.PlatinumPlacement.com>




--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to