Static IP for GP User

L4 Transporter

Hey,

I have a requirement from a customer for some users to always have the same IP when they connect to the VPN, for example if the IP pool for the GP clients is 192.168.x.110, where x will be 10-15 depending on which GP GW you are connected to.

I have managed to configure this using specific client settings, for example for user A the IP pool is 192.168.10.10-192.168.10.10. The problem with this is that the clients use split tunnel, and if I follow this road I will need to configure all those access routes on each client settings. Meaning, for adding 1 network on my LAN I will need to configure it on each GP GW and on each client settings, which can reach up to 100 changes for 1 network subnet.

I have seen the registry key for the reserved IP address, but what happens if the user connects to the PA on another site in which this IP is not relevant?

I have also seen the "retrieve framed ip address attribute from authentication server" but cannot find documentation on how it works. I think it might be a solution. Clients are authenticating with SAML with the GP GW, so if the framed IP will be a list of addresses and each GP GW will choose the IP according to the "authentication server ip pool"

Thanks

L4 Transporter

Re: Static IP for GP User

Hello there

A quick Google search shows that Framed IP address comes from RADIUS authentication, and the auth server responding with the IP.

You are right, the Framed-IP-Address attributes are designed to give a fixed IP address to a user.

Basically you have two methods to give a fixed IP address to a user.

1. You can configure the Framed-IP-Address in the Network policy in NPS.

2. You can assign the static (fixed) IP address in the dial-in property of the user in the AD from the Active Directory Users and Computers UI.
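
Added example, not part of the thread or of any vendor documentation: Framed-IP-Address is RADIUS attribute type 8 (RFC 2865), carried as four octets in the Access-Accept. The code below decodes it from a constructed packet and reports which gateway pool the address falls in, which is the multi-site concern raised in the question. The gateway names and the /24 pool per site are assumptions derived from the 192.168.x ranges mentioned above, and the code says nothing about how the firewall itself handles the attribute.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8  # RFC 2865 attribute type
# RFC 2865 reserved values: not fixed addresses, the NAS or the user picks one.
NEGOTIATED = ipaddress.IPv4Address("255.255.255.255")
NAS_ASSIGNED = ipaddress.IPv4Address("255.255.255.254")

def framed_ip(packet: bytes):
    """Return the Framed-IP-Address in a RADIUS packet, or None if absent.
    The Response Authenticator is not verified here."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        if a_type == FRAMED_IP_ADDRESS:
            if a_len != 6:
                raise ValueError("Framed-IP-Address must carry 4 octets")
            return ipaddress.IPv4Address(packet[pos + 2:pos + 6])
        pos += a_len
    return None

def gateways_accepting(addr, pools):
    """Names of gateways whose pool contains addr (empty for reserved values)."""
    if addr in (NEGOTIATED, NAS_ASSIGNED):
        return []
    return sorted(gw for gw, net in pools.items()
                  if addr in ipaddress.ip_network(net))

def build_access_accept(addr: str) -> bytes:
    """Constructed sample packet: Access-Accept (code 2) with zeroed authenticator."""
    attrs = bytes([1, 7]) + b"userA"  # User-Name, constructed value
    attrs += bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address(addr).packed
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

# Assumed pools: one /24 per site, x = 10..15 as in the question; names are hypothetical.
POOLS = {f"gw-site{x}": f"192.168.{x}.0/24" for x in range(10, 16)}

if __name__ == "__main__":
    ip = framed_ip(build_access_accept("192.168.10.10"))
    print(ip, "is inside the pool of:", gateways_accepting(ip, POOLS))
```

A single fixed address only ever matches one site's pool, so the other five gateways in this layout would receive an address outside their own range.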

 

 

L7 Applicator

Re: Static IP for GP User

Hello,

Just curious as to why they need the same IP address each time? Perhaps there is another method to achieve what you are looking for?

 

If you have specific policies for them, you can use user-id instead and then it doesn't matter what IP they get.

 

Regards,
