Assigning VPN User a Static IP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Assigning VPN User a Static IP

L1 Bithead

We have a customer who is running a specific thick application that requires the user to have the same IP address every time they attempt to authenticate to their servers. In the office this is not an issue since we can assign them a static IP and then do NAT based on that IP address. However, they need these users be able to VPN in and use the application.

Is there any way we can accomplish this with Global Protect? All I want to do is when the user connects in, to get the same IP address. The user will have one machine so we could do it by MAC address as well. I know the DHCP server can do this, but there doesn't seem to be any way in the VPN config.

The only solution I can think of is to use 8 different Global Protect Gateways (1 for each user) but that seems to be a rather bad solution.

2 REPLIES 2

L4 Transporter

Hello,

At this time I don't think so you can achieve this by using a single GP gateway as you would not find this in the configuration under VPN settings.

The Ip-pool is the only way to assign the ip-address in the GP config.

Regards

Parth

L5 Sessionator

Could you approach this with a unique source NAT when the user connects to global protect?

Something along the lines of this:

set rulebase nat rules GP-NAT source-translation static-ip bi-directional no

set rulebase nat rules GP-NAT source-translation static-ip translated-address <unique source address of GP user>

set rulebase nat rules GP-NAT to trust

set rulebase nat rules GP-NAT from gp-source-zone

set rulebase nat rules GP-NAT source gp-ip-pool

set rulebase nat rules GP-NAT destination application-server-address

set rulebase nat rules GP-NAT service "thick application"

set rulebase nat rules GP-NAT to-interface any

  • 3167 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!