
1 Radius client into two location groups

Jickfoo_
Super Contributor

1 Radius client into two location groups

We have multiple companies using the same VPN Switch. We've created unique sign-in policies and 2 VPN groups going to different RADIUS IP addresses on the UAC.

We can't get this to work because we can't create 2 RADIUS clients using the same source IP and associate them to 2 different location groups.

Why does the RADIUS client have to be tied to a location group? Do I have to use the location group if I have sign-in policies?

We're confused.. Thanks..

ManojReddy_
Contributor

Re: 1 Radius client into two location groups

> Why does the Radius client have to be tied to a location group?

If you are not adding the RADIUS client to the location group (which in turn is tied to a sign-in policy), RADIUS requests from this orphan RADIUS client are going to be dropped by IC, because IC doesn't know which (sign-in policy, realm and) auth server to use for authenticating users coming in via the RADIUS client.

> Do I have to use the location group if I have sign-in policies?

Yes. In other words, you have to add the RADIUS client to a location group and the location group to a sign-in policy.

Why don't you use different realms for each company and enable the following settings for the sign-in policy (after adding those realms to the sign-in policy):

"User may specify the realm name as a username suffix" and "Remove realm suffix before passing to authentication server"

Then create different realms/roles for different companies and use a different auth server for each realm.

For this to work, a user who belongs to realm "company1" will have to give the username as [email protected] and a "company2" realm user will have to give the username as [email protected]

IC will strip off the @companyx from the username when forwarding it to that company's auth server.

Sounds good?

Message Edited by ManojReddy on 09-09-2008 07:57 PM
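
A simplified model of the lookup chain described in the reply above (RADIUS client, location group, sign-in policy, realm, auth server), as an added example that is not part of the original post and not Juniper's code. All IPs and group, policy, realm and server names are constructed, and rejecting a username that carries no realm suffix is an assumption of this model.

```python
from typing import NamedTuple, Optional

# Constructed sample configuration (hypothetical names and addresses).
# Keyed by source IP, so one RADIUS client maps to exactly one location group.
CLIENT_TO_LOCATION_GROUP = {"10.0.0.5": "vpn-switch"}
# Each location group is attached to a single sign-in policy.
LOCATION_GROUP_TO_POLICY = {"vpn-switch": "shared-policy"}
# One shared policy carries several realms, each with its own auth server.
POLICY_REALMS = {
    "shared-policy": {"company1": "radius-co1", "company2": "radius-co2"},
}


class Route(NamedTuple):
    realm: str
    auth_server: str
    username: str  # username as forwarded, realm suffix removed


def route_request(source_ip: str, username: str) -> Optional[Route]:
    """Return where a request is forwarded, or None if it is dropped."""
    group = CLIENT_TO_LOCATION_GROUP.get(source_ip)
    if group is None:
        return None  # orphan RADIUS client: no location group, no policy
    policy = LOCATION_GROUP_TO_POLICY.get(group)
    realms = POLICY_REALMS.get(policy, {})
    # "User may specify the realm name as a username suffix"
    user, sep, suffix = username.rpartition("@")
    if not sep or not user or suffix not in realms:
        return None  # no suffix or unknown realm (model assumption: reject)
    # "Remove realm suffix before passing to authentication server"
    return Route(realm=suffix, auth_server=realms[suffix], username=user)


if __name__ == "__main__":
    for ip, name in [("10.0.0.5", "alice@company1"),
                     ("10.0.0.5", "bob@company2"),
                     ("192.0.2.9", "alice@company1"),
                     ("10.0.0.5", "alice")]:
        print(ip, name, "->", route_request(ip, name))
```
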
Jickfoo_
Super Contributor

Re: 1 Radius client into two location groups

Thanks for your post.

I can't ask my employees to change their usernames for a variety of reasons.

I created multiple internal IP addresses on the UAC. I am pointing each company to the distinct IP addresses in the sign-in policy. This is how the UAC knows which realm to apply to the incoming request. I'm surprised that I can't assign 2 location groups the same RADIUS client.

Any other thoughts on how to make this happen?

ManojReddy_
Contributor

Re: 1 Radius client into two location groups

I understood your reservations in asking your users to change their usernames.

How are users trying to authenticate? Are they using OAC or some other client for authentication?

I can suggest a few things based on your response.

Jickfoo_
Super Contributor

Re: 1 Radius client into two location groups

This particular issue is for users of the Nortel Contivity VPN client. We keep it around as a backup to Network Connect. It's curious to me that one RADIUS client cannot hit 2 different sign-on policies. I'd love to hear your suggestions but also wonder if this should be a feature enhancement request.

ManojReddy_
Contributor

Re: 1 Radius client into two location groups

IC doesn't support attaching a location group to multiple sign-in policies.

Regarding the enhancement request: please work with your Juniper SE or Juniper Marketing contact.

Message Edited by ManojReddy on 09-10-2008 06:49 PM