Configure an IP Address Assignment Policy
The ASA can use one or more of the following methods for assigning IP addresses to remote access clients. If you configure more than one address assignment method, the ASA searches each of the options until it finds an IP address. By default, all methods are enabled.
-
aaa Retrieves addresses from an external authentication, authorization, and accounting server on a per-user basis. If you are using an authentication server that has IP addresses configured, we recommend using this method. This method is available for IPv4 and IPv6 assignment policies.
-
dhcp Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a DHCP server. You must also define the range of IP addresses that the DHCP server can use. This method is available for IPv4 assignment policies.
-
local Internally configured address pools are the easiest method of address pool assignment to configure. If you choose local, you must also use the ip-local-pool command to define the range of IP addresses to use. This method is available for IPv4 and IPv6 assignment policies.
-
Allow the reuse of an IP address so many minutes after it is released—Delays the reuse of an IP address after its return to the address pool. Adding a delay helps to prevent problems firewalls can experience when an IP address is reassigned quickly. By default the ASA does not impose a delay. This configurable element is available for IPv4 assignment policies.
-
Use one of the following methods to specify a way to assign IP addresses to remote access clients.
Configure IPv4 Address Assignments
Procedure
Enable an address assignment method for the ASA to use when assigning IPv4 address to VPN connections. The available methods to obtain an IP address are from a AAA server, DHCP server, or a local address pool. All of these methods are enabled by default. vpn-addr-assign {aaa | dhcp | local [reuse-delay minutes]} Example:For example, you can configure the reuse of an IP address for between 0 and 480 minutes after the IP address has been released.
This example uses the no form of the command to disable an address assignment method.
|
Configure IPv6 Address Assignments
Procedure
Enable an address assignment method for the ASA to use when assigning IPv6 address to VPN connections. The available methods to obtain an IP address are from a AAA server or a local address pool. Both of these methods are enabled by default. ipv6-vpn-addr-assign {aaa | local} Example:
This example uses the no form of the command to disable an address assignment method.
|
View Address Assignment Methods
Procedure
Use one of these methods to view the address assignment method configured on the ASA:
|