Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assigning ip address issue.

Billy_
Occasional Contributor
‎10-20-2008 11:07:PM
‎10-20-2008 11:07:PM

Assigning ip address issue.

Hi, team.

I wonder if this case is caused by IVE or Windows OS of NC client.

It occurs when NC user get an ip address whose account mapped more than one roles and ip pools of NC profile.

For example, username 'juniper' has two roles. (role#1, role#2)

Location of role#1 is higher than role#2 and "Stop processing rules when this rule matches" option is not used.

Each of roles have their own NC profile(ip pool).

It seems if entire ip addresses of role#1 are not available, user 'juniper' gets an IP ADDRESS from role#2's ip pool.

But next time user 'juniper' connects to IVE, it still gets the IP ADDRESS of role#2 which it had been assigned before ,even though some IP ADDR of role#1 are available.

What's the reason of this issue?

Thanks.

0 Kudos
2 REPLIES 2
Jickfoo_
Super Contributor
‎10-22-2008 05:12:AM
‎10-22-2008 05:12:AM

Re: Assigning ip address issue.

Hi Billy,

Any reason why you cant turn "Stop Processing" on ? You could also try a policy trace under troubleshooting during login, perhaps the is a different reason why the user isnt matching the previous policy. How about simply expaning the ip range ?

Good Luck..

0 Kudos
kenlars_
Super Contributor
‎10-22-2008 11:35:AM
‎10-22-2008 11:35:AM

Re: Assigning ip address issue.

I think I've observed something that might explain what you are seeing. Please understand that my explanation is speculation based on observation, and not based on knowledge of how MC works. Maybe someone else in the community has additional information.

I think that when a user is put into a role (or roles) for Network Connect and starts a session, the set of assignable addresses is generated. You can see this in a policy trace. My belief is that if the address assigned to the user in his or her most recent NC session is not in use and is in the set of assignable addresses (which it would be if the configuration was unchanged), that address is assigned to the user. If this is the user's first logon, or if the prior address is not free, the SA assigns the lowest address in the set of assignable addresses.

I've never assigned a user to multiple roles with NC, so this may affect the order. Maybe after it decides the prior address is not free, the SA assigns the lowest address from the set of assignable addresses from the first role, and only takes an address from the second role if the address pool for the first role is exhausted. But I think there is some "memory" about the most recent address assigned, and it is reassigned if available.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.