Static IP for GP User

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Static IP for GP User

L4 Transporter



i have a requirement from a customer for some users to always have the same ip when they connect to the VPN for example if the IP Pool for the GP clients is: 192.168.x.110 where x will be 10-15 depends on which GP GW you are connected to.


i have managed to configure using specific client settings for example for user A ip pool is the problem with this is that the client use split tunnel, and if i follow this road i will need to configure all those access routes on each client settings meaning, for adding 1 network on my lan i will need to configure it on each GP GW and on each client settings can be reached up to 100 changes for 1 network subnet.


i have seen the registry key for the reserved ip address but what happen if the user connect to the PA on another site in which this ip is not relevant.


i have also seen the "retrieve framed ip address attribute from authentication server" but cannot find documentation on how it works. i think it might be a solution. clients authenticating with SAML with the GP GW, so if the framed ip will be list of addresses and each GP GW will choose the i according to the "authentication server ip pool"




Cyber Elite
Cyber Elite

Hello there


A quick google search show that Framed IP address comes from Radius Authentication, and the auth server responding with the IP/


You are right, the Framed-IP-Address attributes are designed to give a fixed IP Address to an user.

Basically you have two methods to give a fixed IP address to an user.

1. You can configure the Framed-IP-Address in the Network policy in NPS.

2. You can assign the static(Fixed) IP address in the dail-in property of the user in the AD from the Active directory users and computers UI.



Help the community: Like helpful comments and mark solutions

Cyber Elite
Cyber Elite


Just curious as to why they need the same IP address each time? Perhaps there is another method to achieve what you are looking for?


If you have specific policies for them, you can use user-id instead and then it doesnt matter what IP they get.



L0 Member

If you are using VPN server then you need a correct proper static ip. the relevant bandwidth router will help you to get a smooth connectivity. you can setup the router by help of linksys e1200 setup . 

your static ip of your router and connection should be match otherwise there will be difficulty to set up a router. by any reason you have to check the secure server. 

Hey Steve,


Can you link any documentation about how and where  can i configure the first option? I mean this one:


1. You can configure the Framed-IP-Address in the Network policy in NPS.


Best Regards,





Does this help you out a little?



Help the community: Like helpful comments and mark solutions

L4 Transporter



he need the same IP for some admin users, since the IP is open for access via some ACL according to their IP address.

the customer is using saml, can we forward this information from Azure if we use saml authentication ? 

In case anyone wants more info about this, a Blog has been written about this subject here:


Please be sure to check it out.

LIVEcommunity team member
Stay Secure,
Don't forget to Like items if a post is helpful to you!
  • 7 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!