I have been working with implementing a PIX 515 in a failover
configuration using IOS 6.0.1. What I am trying to attempt is to have
users create a VPN tunnel (either PPTP or IPsec using Cisco Client
3.0), have AAA Authenticate them, apply an access list to them to
control their access, and finally assign them an IP Address based on
their username. I have gotton everything working except the static ip
assignment using the following config:
Cisco ACS Server 2.6 running on Win2k Server, TACACS+ configed
IPSec client, using IPsec vpngroup command
I apply acls to the groups through ACS and it works.
I am wondering if the PIX has the capability to assign IP Addresses
based on username. I know a VPN Concentrator would do it, but this is
for such a small pool of users it would be a waste of money (and rack
space!!!). If anyone could assist me, it would be greatly appreciated.
- Mike Bullock