



165 posts

Master Geek


# 99617 23-Mar-2012 08:53

I've got two possible ways I can think of doing this in my head. 

Scenario: a user connects through a SonicWall device via SSL VPN and gets a static IP every time, despite what device they come from (i.e. user ABC always gets an IP of 10.1.1.50 despite what device he/she connects from).

1. LDAP somehow supplies the IP from a DHCP server behind the SonicWall
2. The SonicWall somehow supplies the static IP on the interface that the NetExtender is connected to.

Does anyone know if something like this is possible? 

Thanks!

53 posts

Master Geek


  # 598969 23-Mar-2012 10:38

Are you currently using LDAP authentication or local?

Either way I think you will be able to set up different user groups and classify the users accordingly from there, and control their access from then on. Sorry I can't be more specific, it's been more than 8 months since I last touched a SonicWall, but I am quite sure I have done something similar to this before by using user groups.

You might want to look up the admin guide for that specific model; there is usually some good info. Or if your SonicWall is under support contract, try to log a support call and those guys should be able to guide you through using Log Me In.

Cheers
Jackson 



165 posts

Master Geek


  # 598971 23-Mar-2012 10:41

Hi Jackson, thanks for your reply

I'll give the user groups idea a go. I'm setting up a test environment with 2008 & AD. I'll see what I can find.

I'll let you know if I'm successful

Thanks again! 

 
 
 
 


53 posts

Master Geek


  # 598975 23-Mar-2012 10:46

Good luck!

Back then I set up different user groups: group 1 might have access to the SSL VPN portal only, and from there they get to their "bookmarks" that allow them to get to Citrix or terminal server, webmail. Group 2 might have access to a few more "bookmarks" to RDP to different servers. And lastly, group 3 will have full access to the LAN by using SSL VPN NetExtender. Something along those lines. :)



165 posts

Master Geek


  # 598978 23-Mar-2012 10:50

Ah see that is different to what I'm trying to do.

I'm using the NetExtender (the client that you download) and the SonicWall Mobile Connect application. The idea is that if a user logs in from an iPad they get an IP address of 10.1.1.2 (for example). They will then get the same IP address if they log in from a different device using the NetExtender or Mobile Connect service.

User ABC logs in from iPad ---> 10.1.1.2
User ABC logs in from Samsung Galaxy Tab --> 10.1.1.2
User ABC logs in from computer with net extender -> 10.1.1.2

So whatever device a user logs in from, the same address is always given. Call it an IP reservation for a user, rather than for a MAC address as you would give on Windows Server.

53 posts

Master Geek


  # 598981 23-Mar-2012 10:52

And you then grant access based on that static IP by using firewall rules?



165 posts

Master Geek


  # 598985 23-Mar-2012 10:56

How would that be possible?

The NetExtender terminates on port X0 (for example) and then dishes out an IP from the pool. In fact, I'm beginning to think it isn't possible at all :s

This is from our test TZ200 



We normally just use the IP pool for users; however, this is the one-off problem where each user needs to have the same IP every time :s

8034 posts

Uber Geek

Trusted

  # 598986 23-Mar-2012 11:00

What is the reason the user needs the same IP address every time?

Maybe there is a different approach to the problem where the user wouldn't need the same IP address.

 
 
 
 


53 posts

Master Geek


  # 598988 23-Mar-2012 11:01

I don't think it can do it... perhaps their SRA series of VPN appliances might be able to? Sorry mate.



165 posts

Master Geek


  # 598990 23-Mar-2012 11:03

Yeah, that is what I'm thinking...

I only have access to TZ200s, NSA240s and 4500s. I may have a look and see what the latest firmware offers those models (5.8 is out now).

Thanks for your help anyway, much appreciated  

53 posts

Master Geek


  # 598996 23-Mar-2012 11:11

Welcome!

Your vendor should be able to give you some advice too. Perhaps they can even loan you something to play with.



165 posts

Master Geek


  # 598999 23-Mar-2012 11:12

I'm hoping that is the case :)
Not looking promising though. Their SSL VPN demo website (SonicWall) is modelled on an SRA 4200. It also doesn't seem to have the option.

Hopefully something pops up... I'll be shocked if I'm the first one to ever want/try this

53 posts

Master Geek


  # 599009 23-Mar-2012 11:28

Once a user has logged in to the SRA appliance, it will create and store a user profile on the unit, and from then on you can make some changes based on each user; whether there is one for IP I am not quite sure. But perhaps there might be some other useful settings. All the best. :)



165 posts

Master Geek


  # 599014 23-Mar-2012 11:36

Thanks! Much appreciated. I'll see what SonicWall comes back with.
