Hi, We just purchased a MAG 2600 SSL remote access box, it worked great for simple remote access configuration, but we want to configure it beyond basic ... We are implementing an unified role-based access control for wired/wireless and remote VPN access, this idea is that we use central DHCP server (running on MS AD/DC), use Radius to dynamically assign VLANs based on user group and then apply ACLs on different VLANs in the gateway router (we use internal tools to generate such ACLs based on role/resource definition), that worked well for wirelss and wired access. Now we want to extend this to remote access VPN, I am having hard time to get this to work on MAG2600, this is what I've done:

I created a VLAN on MAG2600 internal interface (seems like that VLANs are automatically created out of internal interface), match a group to this VLAN, define network connection profile which spefies internal DHCP server for IP address assignment for this VLAN, on the switch side's L3 VLAN interface, ip helper address is configured to relay DHCP request to internal domain controller. When I login, I was matched correctly to the correct AD group, yet MAG2600 did not assign the correct IP address, instead it falls back to MAG2600's internal address pool. I did a litle research, seems that MAG2600 is sending DHCP request from default internal interface IP in stead of it VLAN interface IP, that would obviously fail DHCP process.

Another question I have is this "Network Connect Server IP" concept, seems that this IP address is a gateway for all remote clients and only one such address (which has to be on the same subnet as internal interface) can be configured. If I ever can get the above VLAN/DHCP working, which default-gateway IP address should I configure on DHCP server?