B-22
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Appendix B Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Enforcing Static IP Address Assignment for AnyConnect Tunnels
In this case we configure the AnyConnect client user Web1 to receive a static IP Address. We enter the
address in the Assign Static IP Address field of the Dialin tab on the AD LDAP server. This field uses
the msRADIUSFramedIPAddress attribute. We create an attribute map that maps it to the Cisco attribute
IETF-Radius-Framed-IP-Address.
During authentication, the adaptive security appliance retrieves the value of
msRADIUSFramedIPAddress from the server, maps the value to the Cisco attribute
IETF-Radius-Framed-IP-Address, and provides the static address to User1 .
This case applies to full-tunnel clients, including the IPSec client and the SSL VPN clients (AnyConnect
client 2.x and the legacy SSL VPN client).
Step 1 Configure the user attributes on the AD LDAP server.
Right-click on the user name. The Properties window displays (Figure B-6). Click the Dialin tab, check
Assign Static IP Address, and enter an IP address. For this case we use 3.3.3.233.
Figure B-6 Assign Static IP Address
Step 2
Create an attribute map for the LDAP configuration shown in Step 1.
In this case we map the AD attribute msRADIUSFrameIPAddress used by the Static Address field to the
Cisco attribute IETF-Radius-Framed-IP-Address.
For example:
hostname(config)# ldap attribute-map static_address
hostname(config-ldap-attribute-map)# map-name msRADIUSFrameIPAddress
IETF-Radius-Framed-IP-Address
To Next Page
Loading...
Need help?
General
