Bruno,
Why don't you setup LDAP authentication on ASA instead of RADIUS? Then
you can use almost any attribute from AD. I've never tried this with IP
address but I think it may work.
example:
ldap attribute-map MAP
map-name Some-AD-Attrib IETF-Radius-Framed-IP-Address
and so on...
Regards,
Piotr
On 1/31/13 5:37 PM, Bruno Silva wrote:
Well, I cannot use local database authentication and that's where I'm
stucked at.
It's not practical to have all the users from the Domain created
manually in the ACS so this is not something I can do. I was wondering
if it's possible to user any Radius AV-Pair in order to extract the ip
address information from the Active-directory server somehow but I
have never seen it.
Does anyone have an idea?
2013/1/31 Adil Pasha <[email protected] <mailto:[email protected]>>
Guys,
This is a pretty cool topic. Just wondering is this part of v4?
Still trying to grasp v4 topics.
Best Regards.
______________________
Adil
On Jan 31, 2013, at 9:42 AM, Kevin Sheahan <[email protected]
<mailto:[email protected]>> wrote:
Hi Bruno,
Are you able to authenticate via local database? If so, you can
use user attributes to assign the ip address on RA-VPN.
username <userid> attributes
vpn-framed-ip-address <ip address> <subnet mask>
Hope I was helpful.
-Kevin Sheahan
On Thu, Jan 31, 2013 at 6:58 AM, Bruno Silva
<[email protected] <mailto:[email protected]>> wrote:
Hi guys,
I hoppe you all can help me to find out a thing that's been a
pain here. I'm using dinamic user mapping from
active-directory to ACS and there are some specific users
that must have a static ip address assigned to their profile
after connecting to the VPN, ok, we can do that on ACS
staticly after the user connect to the VPN because the
username mapping is made and then we assign a static ip
address to it but this is been a pain because ever since we
have to do any change to the ACS server, the dynamic mapping
is gone and then we have to rebuild this manually.
I was wondering if there's anyway of doing a static ip
assignment to a dynamic user mapping. First I though on doing
this with radius but I could not find any option that allow
me to do it so...Can anyone help me with that?
thank you very much!
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
_______________________________________________
For more information regarding industry leading CCIE Lab
training, please visit www.ipexpert.com
<http://www.ipexpert.com/>
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com <http://www.platinumplacement.com/>
_______________________________________________
For more information regarding industry leading CCIE Lab
training, please visit www.ipexpert.com <http://www.ipexpert.com>
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com <http://www.PlatinumPlacement.com>
--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
