I run a Cisco ASA 5520 and an MS Server 2008 NPS server for VPN access. I normally assign VPN IP addresses to individual users through User properties > Dial-in > Assign static address in Active Directory.
I need to assign different address pools to different groups using my NPS server.
a) I want to keep just one tunnel group
b) Assign different local IP pools based on NPS policy
I've found online that I can send: cisco-avpair="ip:addr-pool=pool1" from my NPS server. Obviously it is not working, or I would not be posting. Is there a setting on the ASA that I need to set so it will respond to the pool request?
I found someone saying "client configuration address respond" works on the PIX, but I have no idea what the equivalent command is for the ASA or if I even need it.
To recap. My tunnel gets created but then disconnects immediately with the error unable to obtain IP address. Any help would be awesome.
tunnel group settings:
Code:
tunnel-group remote-vpn type ipsec-ra
tunnel-group remote-vpn general-attributes
 authentication-server-group Radius_Group
 default-group-policy default
tunnel-group remote-vpn ipsec-attributes
 pre-shared-key *