[j-nsp] Juniper SA SSL VPN static ip for user

Rehan Rafi Khan rrk.cse at gmail.com
Sun Feb 5 07:28:01 EST 2012 

Hello Again,

Just came across a KB article on Juniper KB (as per the highlighted part I
think its not do able except if you create separate roles and realms which
will be not scalable):


   1. What is the hold/release time the IVE has on NC IP Pool IP Addresses?
   For example, user "A" logs in and gets assigned the IP address 1.1.1.1.
   Tomorrow user "A" gets the same IP address. How long does the IVE hold that
   IP for user "A", as long as there are plenty of IP addresses in the pool?
   *Answer*: 24 hours   (*Also, it is not a configurable option; it is
   hard-coded*.)







On Sun, Feb 5, 2012 at 3:15 PM, Maciej Jan Broniarz <gausus at gausus.net>wrote:

> On Sun, Feb 05, 2012 at 02:53:02PM +0300, Rehan Rafi Khan wrote:
>
> Hello,
>
> > Are you looking this for network connect session? For network connect you
> > need to define pool of addresses, else I believe it will be not
> achievable.
> >
>
> Yes, i have a poll of addresses for users that connect using Network
> Connect.
> I need that each user will recive the same ip from the pool every time he
> connects
>
> All best,
> mjb
>
> > On Sun, Feb 5, 2012 at 2:39 PM, Maciej Jan Broniarz <gausus at gausus.net
> >wrote:
> >
> > > On Sat, Feb 04, 2012 at 07:11:25PM -0800, Jonathan Lassoff wrote:
> > > > On Sat, Feb 4, 2012 at 6:42 PM, Barny Sanchez <barnys at juniper.net>
> > > wrote:
> > > > > the suggestion from Jof is clever but it doesn't scale. I am afraid
> > > that you would require of an external device to help you accomplish
> this,
> > > such as using a Radius and Attribute Value Pairs (AVP) to send back to
> the
> > > SA the associated IP for an user (framed-ip-address) upon connection.
> > >
> > > Is it possible when using Microsoft AD as a authentication backend?
> > >
> > > All best,
> > > mjb
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
> >
> >
> > --
> >
> > Regards,
> >
> > Rehan Rafi
>



-- 

Regards,

Rehan Rafi

More information about the juniper-nsp mailing list