CiscoSecure and Dialup Pools

CiscoSecure and Dialup Pools

Post by Jan Van Ha » Tue, 26 Oct 1999 04:00:00



Hi,

I've had the problem that users could enter their own IP address and dial in
with possible network errors as a result (when they would enter the IP
address of the mailserver or dns etc...duplicate IP-address ;-))

I've found a way the prevent this with CiscoSecure 2.1 (wich we run as an
AAA-platform) by specifying a POOL in the dialog-box for a certain
group...the problem now is this :

User can dial into different NAS'ses located in different cities...all
locations use different POOLS and so since all users are grouped in
CiscoSecure I have a pool problem:

Suppose UserA is in a CiscoSecure group General_Users and this group *MUST*
use Pool A
Pool A (city A)    : 192.168.200.0
Pool B (city B)     : 192.168.201.0

When UserA dials into the NAS, suppose he get 192.168.200.1 ... all works
fine ;-)
When he/she is on the move and dial into the other NAS in CityB he/she STILL
gets a Pool A address because of the CiscoSecure GROUP that userA is related
to!!!!

How can you solve such problems ???
We want our user to be able to dial into ANY NAS, but *NOT* be able to use
own IP-address...so they have to be "rejected" on dialin...

Any ideas ???

Jan

 
 
 

1. CiscoSecure & IP pool

I have CiscoSecure running on an NT with an AS5300 as the dialin.  Lately,
with no configuration changes in the AS5300,  I have dialup clients that
can't get to a class "B" network.  The AS5300 can and the entire network is
known to all none dialup clients.  The problem is also intermittent.
Sometimes they can see it and sometimes not.  The dialups can also see
everything else on the network.

Callers have an IP addresses assigned from an IP pool on Ciscosecure.  The
server that CiscoSecure was on had problems a couple of weeks ago.  However,
I cannot find anything different about the configs.

Has anyone experienced anything similar.  It looks like the routing gets
lost but debug ppp negotiation shows it assigned in the routing table along
with sho ip route on the AS5300.  I suspect the NT box still has some
weirdness but I am not knowledgeable enough about NT to troubleshoot it and
our NT folks aren't being very helpful.

Ray

2. HELP! Active directory contol panels inoperable

3. Tacacs+/Ciscosecure address pools

4. EnableViewState on a ListBox only works when inheriting directly from System.Web.UI.Page

5. IP address pool on CiscoSecure RADIUS server

6. microsoft too big to fight?

7. CiscoSecure and IP Pools

8. Alternate Reality...PLEASE!

9. Force dialup users to use IP pool?

10. Dialup router pool using P25/P50's?

11. ppp dialup over a remote modem pool via TCPIP

12. Unable to ping dialup server after dialup, help!