janwillemHL
IS-IT--Management
Dear All,
I'm stuck with the following. I am trying to replace our ageing ACS server with a Microsoft NPS server to authenticate our VPN login at the Active Directory. That in itself is quite easy to do.
However..
I would like to assign an IP address from a pool on basis of group membership. So I created several IP address pools in the ASA config and thought I could use the Vendor Specific Radius attribute to select the pool.
I use the following attribute:
Cisco-AV-Pair="ip:addr-pool=xxxx"
whereby xxxx is the IP pool I would like to select.
The NPS server passes the attribute nicely to the ASA, but the ASA seems to ignore it completely and issues an ip address from the default pool.
Is this attribute not supported by the ASA?
Can this attribute be used to select a predefined pool? (or should I pass the pool in the same attribute).
Or am I trying to do something impossible?
Any help would be highly appreciated!
I'm stuck with the following. I am trying to replace our ageing ACS server with a Microsoft NPS server to authenticate our VPN login at the Active Directory. That in itself is quite easy to do.
However..
I would like to assign an IP address from a pool on basis of group membership. So I created several IP address pools in the ASA config and thought I could use the Vendor Specific Radius attribute to select the pool.
I use the following attribute:
Cisco-AV-Pair="ip:addr-pool=xxxx"
whereby xxxx is the IP pool I would like to select.
The NPS server passes the attribute nicely to the ASA, but the ASA seems to ignore it completely and issues an ip address from the default pool.
Is this attribute not supported by the ASA?
Can this attribute be used to select a predefined pool? (or should I pass the pool in the same attribute).
Or am I trying to do something impossible?
Any help would be highly appreciated!