If you take a look at this lesson you will see how the IP address is assigned to the remote client:
In this particular case, an
ip local pool is created from which IP addresses can be assigned. Now the method of assigning addresses can be modified using the
vpn-addr-assign command. In the above example, the command
vpn-addr-assign local is used, which tells the ASA to assign addresses using the predefined local pool.
However, you have other choices that you can use for assigning addresses, such as using AAA or DHCP. These are further described in the following Cisco documentation:
In order to reserve a particular IP address for a specific host, you can do one of the following:
- Create an IP pool of a single address and have a single tunnel group correspond to a single user. This is useful if you have very few users, as it is not easily scalable.
- You can use AAA and retrieve the address to be used from an external AAA server on a per user basis. If you are using an authentication server anyway, this is the best way to do it.
- use DHCP obtaining addresses from a dhcp server.
All of the above can be configured using the
vpn-addr-assign command shown above.
I hope this has been helpful!