Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Use address pool from RADIUS with concentrator 3005

Status
Not open for further replies.
Farmoor

Farmoor

IS-IT--Management
Apr 3, 2003
11
SE
Hello again :)

I have the following configuration:
Cisco VPN concentrator 3005 (latest software)
Cisco VPN Client (latest version)
Windows 2000 advanced server running both IAS (RADIUS) and Active Directory

I can authenticate users via RADIUS and so on, but I don't know how to assign an IP pool to users connecting through the concentrator. I could use the concentrators' internal pool, but I want to control resource access by IP addresses and that would make the internal pool solution rather worthless (since the idea with using RADIUS is centralized management). So, does anyone know how to send back IP addresses with RADIUS for groups configured in Active Directory? (It is easy to set on a per-user basis, but that won't be happening since there will be quite a lot of users).

Many thanks in advance
Farmoor
 
Sort by date Sort by votes
i dont know the answer to your particular question but i wanted to ask YOu a question....

how did you position your concentrator in your network?

did you put in before or after your firewall??

thanks
 
Upvote 0 Downvote
Right now this configuration is in a laboratory environment, so there is no firewall. However, we have reached the conclusion that the firewall should be placed after the concentrator, and the firewall will then control access to resources in the network based on IP addresses. That is actually the main reason why I need to get the IP pool working via RADIUS.
 
Upvote 0 Downvote
I know this thread is quite old, but did you ever get RADIUS to assign the ip addresses by group. I am currently doing the same thing as you have outlined, and do not want to re-invent the wheel.

Thanks in advance.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
CISCO AnyConnect - URL instead of IP Address
Replies
4
Views
908
iggsterman
iggsterman
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
460
iggsterman
iggsterman
goombawaho
  • Locked
  • Question
IP address conflict
Replies
7
Views
242
goombawaho
goombawaho
lecarbajal
  • Locked
  • Question
Policy NAT for traffic coming from VPN L2L
Replies
0
Views
67
lecarbajal
lecarbajal
unssupport
  • Locked
  • Question
Recommendation for VPN client router dynamic WAN IP address
Replies
1
Views
71
cflcrosland
cflcrosland

Part and Inventory Search

Sponsor

Back
Top