VPN concentrator and reserve IP address based on MAC address


I have not configured VPN before. We have got a Cisco VPN concentrator 3000 at work, and it is working fine.

I have got a mobile PC (with the Cisco PC client) that is looking to access its corresponding server in the DMZ area (192.168.101.204) on the work network, through the VPN concentrator.

How can I reserve an internal IP for that mobile PC based on its MAC address? The reason I am doing that is to reserve the specific private IP address for that mobile PC.

We use SafeWord tokens for authentication.

How can I configure that on the VPN?

On the PIX, I have no problem configuring an ACL from inside to DMZ.
 
I found this:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

under the heading below
Assign a Specific IP Address to a User
----------------------------------------
In order to assign a static IP address for the remote VPN user every time they connect to the VPN 3000 Series Concentrator, choose: Configuration > User Management > Users > Modify ipsecuser2 > identity.

My question: I am using a production box (and want to avoid screwing up the whole system). Does it affect anything if I create a specific group and assign a specific IP address to a user?

On my PIX (the VPN runs parallel to the PIX, i.e. it is neither behind nor in front of the PIX) I have these lines of configuration, which are related to the VPN concentrator:

nat (inside) 1 10.2.2.0 255.255.255.0 0 0      <- IP for the VPN pool, as seen in the figure
nat (inside) 1 172.168.1.0 255.255.255.0 0 0   <- not related to VPN
nat (inside) 1 192.168.0.0 255.255.0.0 0 0     <- not related to VPN

global (outside) 1 10.1.1.150-10.1.1.155
global (outside) 1 10.1.1.156

route inside 10.2.2.0 255.255.255.0 192.168.55.254 1   <- 192.168.55.254 is the VPN Ethernet 1 IP address

http://img204.imageshack.us/img204/7306/vpnpooleu1.jpg

What I am thinking of doing is below (any comments, please):

1- I want to modify the current group (see my VPN figure) to be the range 10.2.2.1-10.2.2.9 instead of 10.2.2.1-10.2.2.10
2- Create another group called: "mobile_users"
3- Create a user called: "commuter"
4- Assign the user "commuter" to the group "mobile_user"
5- Assign IP address 10.2.2.2 to the user "commuter"

6- On the Cisco site that I have posted, it says: tick the option for "User address from Authentication Server". I do not think this will apply to me?

Again, since I am using a production box, I have to make sure that the modification above does not screw up the whole system.
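
A pre-change sanity check for a plan like the one in steps 1-5, added here as an example and not taken from the post or from Cisco documentation. It parses the PIX lines quoted above and reports whether a reserved address collides with the dynamic pool or falls outside the existing `nat (inside)` and `route inside` coverage. The function names are hypothetical, step 5's address is read as 10.2.2.2, and the rule that a reserved address should sit outside the dynamic pool is an assumption.

```python
import ipaddress

# PIX lines copied from the post, with the poster's trailing remarks removed.
PIX_CONFIG = """\
nat (inside) 1 10.2.2.0 255.255.255.0 0 0
nat (inside) 1 172.168.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
route inside 10.2.2.0 255.255.255.0 192.168.55.254 1
"""

def parse_pix(config):
    """Return (nat_networks, routes); routes is a list of (network, gateway)."""
    nats, routes = [], []
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["nat", "(inside)"] and len(f) >= 5:
            nats.append(ipaddress.ip_network(f"{f[3]}/{f[4]}"))
        elif f[:2] == ["route", "inside"] and len(f) >= 5:
            net = ipaddress.ip_network(f"{f[2]}/{f[3]}")
            routes.append((net, ipaddress.ip_address(f[4])))
    return nats, routes

def check_plan(config, pool_first, pool_last, static_ip, vpn_gateway):
    """Return a list of problems with a planned pool and one reserved address."""
    nats, routes = parse_pix(config)
    first, last, static = (ipaddress.ip_address(a)
                           for a in (pool_first, pool_last, static_ip))
    gw = ipaddress.ip_address(vpn_gateway)
    problems = []
    if first > last:
        problems.append("pool start is above pool end")
    # Assumption: a reserved address must not also be handed out dynamically.
    if first <= static <= last:
        problems.append(f"{static} is inside the dynamic pool {first}-{last}")
    for addr in sorted({first, last, static}):
        if not any(addr in net and hop == gw for net, hop in routes):
            problems.append(f"{addr} has no inside route via {gw}")
        if not any(addr in net for net in nats):
            problems.append(f"{addr} is not covered by a nat (inside) statement")
    return problems

if __name__ == "__main__":
    # Step 1 pool with step 5's address read as 10.2.2.2, then with 10.2.2.10.
    for candidate in ("10.2.2.2", "10.2.2.10"):
        found = check_plan(PIX_CONFIG, "10.2.2.1", "10.2.2.9",
                           candidate, "192.168.55.254")
        print(candidate, "->", found or "no problems found")
```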
 