RE: OT: ASA5520 - VPN Question

From: Ryan West <rwest_at_zyedge.com>
Date: Fri, 5 Mar 2010 16:10:53 +0000

Update.

>
> I'm not entirely sure if the VPN virtual adapter uses a random NIC or
> just aliases off the existing physical interface. That being said, you
> can use an external DHCP server with a reservation as a possible option
> or per-user RADIUS static IP assignment.
>
> Personally I would leverage LDAP and apply policies based on an LDAP
> attribute-map. Then you have the option of assigning a block of
> addresses to sets of users, or a single user. Once the users are split
> into groups, you can apply vpn-filters to the groups. This will keep
> your outside ACL clean and still allow you to apply security policies
> to each of the groups. The vpn-filter also ignores IPSec pass-through,
> which is enabled by default.
>
> If you want to use local usernames, you can still force them into a
> group policy individually.
>

Another user on the list posted the use of the "vpn-framed-ip-address" command in the "username xxx attributes" menu.

Thanks,

-ryan
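
The options discussed in this message, put together as an added ASA configuration example (not part of the original post, and not the poster's own config). All names, addresses, the LDAP DN and the server host are constructed placeholders; LDAP bind and base-DN settings are omitted and assumed to be configured already.

```text
! Constructed example: per-group address block, per-group vpn-filter,
! and a fixed address for one local user.

! Address block handed to one set of users
ip local pool ENG_POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0

! ACL used as the vpn-filter. The VPN client side is written as the
! source; this keeps per-group rules out of the outside interface ACL.
access-list ENG_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list ENG_FILTER extended deny ip any any log

! Map an LDAP group membership to an ASA group policy.
! Assumption: depending on the ASA release, the Cisco-side attribute is
! named IETF-Radius-Class or Group-Policy.
ldap attribute-map AD_GROUPS
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Eng,OU=Groups,DC=example,DC=com" GP_ENG

aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 ldap-attribute-map AD_GROUPS

! Group policy carrying the filter and the address block
group-policy GP_ENG internal
group-policy GP_ENG attributes
 vpn-filter value ENG_FILTER
 address-pools value ENG_POOL

! Local user forced into the group policy with a static address
username alice attributes
 vpn-group-policy GP_ENG
 vpn-framed-ip-address 10.10.10.200 255.255.255.0
```

Users who match no map-value fall through to the tunnel group's default group policy, so that default policy should carry its own restrictive vpn-filter.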

Received on Fri Mar 05 2010 - 16:10:53 ART