Chapter 8 Establishing Cisco Secure ACS System Configuration
IP Pools Server
8-60
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
• Resetting an IP Pool, page 8-65
• Deleting an IP Pool, page 8-66
About IP Pools Server
If you are using VPNs, you may have to overlap IP address assignments; that is, it
may be advantageous for a PPTP tunnel client within a given tunnel to use the
same IP address as that used by another PPTP tunnel client in a different tunnel.
The IP Pools Server feature enables you to assign the same IP address to multiple
users, provided that the users are being tunnelled to different home gateways for
onward routing beyond the boundaries of your own network. This means you can
conserve your IP address space without having to resort to using illegal addresses.
When you enable this feature, Cisco Secure ACS dynamically issues IP addresses
from the IP pools you have defined by number or name. You can configure up to
999 IP pools, for approximately 255,000 users.
If you are using IP pooling and proxy, all accounting packets are proxied so that
the Cisco Secure ACS that is assigning the IP addresses can confirm whether an
IP address is already in use.
Note
IP pool definitions are not replicated by the CiscoSecure Database Replication
feature; however, user and group assignments to IP pools are replicated. By not
replicating IP pool definitions, Cisco Secure ACS avoids inadvertently assigning
an IP address that a replication partner has already assigned to a different
workstation. To support IP pools in a AAA environment that uses replication, you
must manually configure each secondary Cisco Secure ACS to have IP pools with
names identical to the IP pools defined on the primary Cisco Secure ACS.
To use IP pools, the AAA client must have network authorization (in IOS, aaa
authorization network) and accounting (in IOS, aaa accounting) enabled.
Note
To use the IP Pools feature, you must set up your AAA client to perform
authentication and accounting using the same protocol—either TACACS+ or
RADIUS.
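
The AAA client prerequisites above can be checked against an IOS configuration before IP pools are assigned. The following Python check is an added example, not part of the Cisco guide: the function names and both sample configurations are constructed for illustration. It assumes method lists name the protocol as `group radius`/`group tacacs+` or the older bare keywords, and it does not resolve named server groups.

```python
# Constructed sample configurations (not taken from the guide).
GOOD_CONFIG = """\
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
"""
BAD_CONFIG = """\
aaa new-model
aaa authentication ppp default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting network default start-stop group radius
"""

PROTOCOLS = ("tacacs+", "radius")


def protocols_in(line):
    """Return the AAA protocols named as methods on one 'aaa ...' line."""
    return {tok for tok in line.lower().split() if tok in PROTOCOLS}


def audit_ip_pool_prereqs(config):
    """List the IP pool prerequisites from the guide that the config misses."""
    authn, acct = set(), set()
    authz_network = acct_enabled = False
    for raw in config.splitlines():
        line = raw.strip()  # 'no aaa ...' and '!' comment lines never match
        if line.startswith("aaa authentication "):
            authn |= protocols_in(line)
        elif line.startswith("aaa authorization network "):
            authz_network = True
        elif line.startswith("aaa accounting "):
            acct_enabled = True
            acct |= protocols_in(line)
    findings = []
    if not authz_network:
        findings.append("aaa authorization network is not configured")
    if not acct_enabled:
        findings.append("aaa accounting is not configured")
    # Coarse comparison across all method lists: any difference is flagged
    # for review, because authentication and accounting must use one protocol.
    if authn and acct and authn != acct:
        findings.append("authentication uses %s but accounting uses %s"
                        % ("/".join(sorted(authn)), "/".join(sorted(acct))))
    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit_ip_pool_prereqs(cfg) or "meets the prerequisites")
```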