Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA and Windows NPS as RADIUS server for VPN authentication

Status
Not open for further replies.

janwillemHL

IS-IT--Management
Sep 15, 2011
1
NL
Dear All,

I'm stuck with the following. I am trying to replace our ageing ACS server with a Microsoft NPS server to authenticate our VPN login at the Active Directory. That in itself is quite easy to do.
However..

I would like to assign an IP address from a pool on basis of group membership. So I created several IP address pools in the ASA config and thought I could use the Vendor Specific Radius attribute to select the pool.
I use the following attribute:

Cisco-AV-Pair="ip:addr-pool=xxxx"

whereby xxxx is the IP pool I would like to select.

The NPS server passes the attribute nicely to the ASA, but the ASA seems to ignore it completely and issues an ip address from the default pool.

Is this attribute not supported by the ASA?
Can this attribute be used to select a predefined pool? (or should I pass the pool in the same attribute).

Or am I trying to do something impossible?

Any help would be highly appreciated!

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top