10-04-2012 08:54 AM
We have a customer who is running a specific thick application that requires the user to have the same IP address every time they attempt to authenticate to their servers. In the office this is not an issue since we can assign them a static IP and then do NAT based on that IP address. However, they need these users to be able to VPN in and use the application.
Is there any way we can accomplish this with Global Protect? All I want to do is when the user connects in, to get the same IP address. The user will have one machine so we could do it by MAC address as well. I know the DHCP server can do this, but there doesn't seem to be any way in the VPN config.
The only solution I can think of is to use 8 different Global Protect Gateways (1 for each user) but that seems to be a rather bad solution.
10-04-2012 10:33 AM
At this time I don't think you can achieve this by using a single GP gateway, as you would not find this in the configuration under VPN settings.
The IP pool is the only way to assign the IP address in the GP config.
10-19-2012 05:08 PM
Could you approach this with a unique source NAT when the user connects to global protect?
Something along the lines of this:
set rulebase nat rules GP-NAT source-translation static-ip bi-directional no
set rulebase nat rules GP-NAT source-translation static-ip translated-address <unique source address of GP user>
set rulebase nat rules GP-NAT to trust
set rulebase nat rules GP-NAT from gp-source-zone
set rulebase nat rules GP-NAT source gp-ip-pool
set rulebase nat rules GP-NAT destination application-server-address
set rulebase nat rules GP-NAT service "thick application"
set rulebase nat rules GP-NAT to-interface any