Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IKE/XAUTH VPN and Framed IP POOL

bengelly_
New Contributor
‎04-08-2009 02:17:AM
‎04-08-2009 02:17:AM

IKE/XAUTH VPN and Framed IP POOL

Hello community,

I have a bunch a of SSG-140 firewalls with ScreenOS 6.2.0r1.0 that I use as VPN concentrators for my clients.

My clients are what we can call "road warriors", so I have configured the firewalls with IKE (in order to use preshared keys, IKE users with U-FQDN) and XAUTH (to allow the use of a RADIUS server for authentication).

Each client has a dedicated IP Pool.

My problem is that when more than a client tries to connect at the same time to it's VPN, the same IP (the first of the ip pool) is sent back to the clients and they ultimatly get disconnected or cannot use the VPN anymore.

Here is a sample of a standard configuration on my firewalls :

set ippool "mezzo" 192.168.252.1 192.168.252.254

set user "mezzo_vpn" uid 6
set user "mezzo_vpn" ike-id u-fqdn "<removed>" share-limit 1
set user "mezzo_vpn" type ike
set user "mezzo_vpn" "enable"
set user-group "mezzo" id 8
set user-group "mezzo" location external
set user-group "mezzo" type xauth
set user-group "mezzo_IKE" id 6
set user-group "mezzo_IKE" user "mezzo_vpn"
#set ike gateway "mezzo_p1" dialup "mezzo_IKE" Aggr outgoing-interface "ethernet0/2" preshare <removed> proposal "pre-g2-des-sha" "pre-g2-3des-sha"
unset ike gateway "mezzo_p1" nat-traversal udp-checksum
set ike gateway "mezzo_p1" nat-traversal keepalive-frequency 5
set ike gateway "mezzo_p1" xauth server "radius-vpn" query-config user-group "mezzo"
set ike gateway "mezzo_p1" xauth accounting server "radius-vpn"
unset ike gateway "mezzo_p1" xauth do-edipi-auth
set vpn "mezzo_p2" gateway "mezzo_p1" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5" "nopfs-esp-3des-sha" "nopfs-esp-aes128-sha"
set vpn "mezzo_p2" monitor
set vpn "mezzo_p2" id 0x13 bind interface tunnel.8
set vpn "mezzo_p2" dscp-mark 0
set vpn "mezzo_p2" proxy-id local-ip 0.0.0.0/0 remote-ip 255.255.255.255/32 "ANY"

I have looked everywhere in the configuration trying to find where I should specify the IP POOL to use but nothing. I think that I need to set my user type to IKE + something in order to specify the client's IP POOL but I am sure not which one to choose.

Any clues ?

Thank you for your help.

Regards.

Message Edited by bengelly on 04-08-2009 02:19 AM
0 Kudos
1 REPLY 1
DanSmart_
Contributor
‎04-08-2009 12:21:PM
‎04-08-2009 12:21:PM

Re: IKE/XAUTH VPN and Framed IP POOL

Wrong forum. While this one is poorly named, its for the SA Appliance runing the IVE operating system. You need the firewall / ScreenOS forum for your question
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.