I have configured an ip pool with private addresses for the network connect users and i was wondering if it possible to assign specific
IPs to the users and not receiving random from the dhcp server of the ssl device.
if you search for posts by me i have asked this question and i was told that i can use a RADIUS attribute to assign the static ip i have not gotten around to trying that approach but may be you can test it for me
I have done this successfully.
For a role in which users are to be assigned the IP address in the Radius assignedaddress attribute, use the following in the IP address pool section of the NC profile -
Make sure the range of addresses to be used is defined in the Network section of the configuration, and do not assign that range to other roles - use it only for static addresses.
ken so after i set this up will my IP address Pool window show this config
or when you say network configuration you mean in the IVS and IVE network configuration?
I had the wrong name for the attribute - it would look like
I think you might need to do something special because the IVE sees the "-" as a special character. I think you might need -
Try it both ways, and see which one works.
I have a mix of users, some of which have static IP addresses and some of which do not. Let's say that my static address users were in 10.1.1.0/24 and my "normal" users were to be put in 10.1.2.0/24. On my network settings for Network Connect, I would need both subnets specified -
On my NC profile, I would want -
A user with an assigned static address would choose the first one, and get the address specified in the Radius attribute. A user with no assigned address would skip over the first and use the second specification - that is, be assigned an address from the 10.1.2.0/24 pool.
If you assign a new static address to a user, or delete the static address from the user, you would need to delete the user's record from the IVE. This ie because the IVE "remembers" the last address assigned and uses it on the next session if it is available.
I have just tried with "userAttr.Framed-IP-Address" variable in NC profile, however, it did not work for me. I configured as following.
On authentication manager, I assigned 10.10.20.123 to user's profile.
On SA4500 under NC profile, IP Pool, I put
Everytime, I got 10.10.10.101 instead of 10.10.20.123, do you have any idea? I did troubleshooting by policy tracing and found the assigned IP 10.10.20.123 from authentication manager in variable "userAttr.Framed-IP-Address". What wrong I did? Please help, thank you very much.
Just have time to try and it works now, don't know why it did not work earlier. So confirm that we can use variable
<userAttr.Framed-IP-Address> from authen manager with IP assignment under NC profile.
I have an idea of what may have happened, but I don't know of any way to determine if that is what happened to you
If you had logged in at some time before setting up the fixed ip address and gotten the 10.10.10.101 address, then the next time you logged in - even if you specified the static address - the IVE will remember that you had the 10.10.10.101 address before and assign it to you again, since it is an allowable address.
I created a new role for users with static addresses and had only the "<userAttr.assignedaddress>" in the IP Addresses parameter for the NC connection profile assigned to that role. This forces the user to the static address in the Radius response.