IP reservation for user

Forums › IT Pro and developers › IP reservation for user

silver565

170 posts

Master Geek

#99617 23-Mar-2012 08:53

I've got two possible ways I can think of doing this in my head.

Scenario. User connects through a sonicwall device via SSL VPN and gets a static IP every time, despite what device they come from. (I.E user ABC always gets an IP of 10.1.1.50 despite what device he/she connects from)

1. LDAP somehow supplies the IP from a DHCP server behind the sonicwall
2. The sonicwall somehow supplies the static IP on the interface that the net extender is connected to.

Does anyone know if something like this is possible?

Thanks!

--If at first you don't succeed call it version 1.0--

jackk

53 posts

Master Geek

#598969 23-Mar-2012 10:38

are you currently using LDAP authentication or local?

Either way I think you will be able to setup different user groups and classify the users accordingly from there, and control their access from then on. Sorry I can't be more specific, it's been more than 8 months since I last touched a sonicwall, but I am quite sure I have done something similar like this before by using user groups.

you might want to look up the admin guide for that specific model, there are usually some good info. Or if your sonicwall is under support contract, try to log a support call and those guys should be able to guide you through using Log Me In.

Cheers
Jackson

silver565

170 posts

Master Geek

#598971 23-Mar-2012 10:41

Hi Jackson, thanks for your reply

I'll give the user groups idea a go. I'm setting up a test environment with 2008 & AD. I'll see what I can find.

I'll let you know if I'm successful

Thanks again!

--If at first you don't succeed call it version 1.0--

jackk

53 posts

Master Geek

#598975 23-Mar-2012 10:46

Good luck!

Back then I setup different user groups, group 1 might have access to the SSLVPN portal only, from then on they get to their "bookmarks" that allow them to get to citrix or terminal server, webmail. And group 2 might have access to a few more "bookmarks" to RDP to different servers. And lastly group 3 will have full access to the LAN by using SSL VPN netextender. Something along those lines. :)

silver565

170 posts

Master Geek

#598978 23-Mar-2012 10:50

Ah see that is different to what I'm trying to do.

I'm using the net extender (the client that you download) and the sonic wall mobile connect application. The idea is that if a user logs in from an iPad they get an ip address of 10.1.1.2(for example). They will then get the same IP address if they login from a different device using the net extender or mobile connect service.

User ABC logs in from iPad ---> 10.1.1.2
User ABC logs in from Samsung Galaxy Tab --> 10.1.1.2
User ABC logs in from computer with net extender -> 10.1.1.2

So whatever device a user logs in from, the same address is always give. Call it an IP reservation for a user, rather than a mac address that you would give on windows server.

--If at first you don't succeed call it version 1.0--

jackk

53 posts

Master Geek

#598981 23-Mar-2012 10:52

and you then grant access base on that static IP by using firewall rules?

silver565

170 posts

Master Geek

#598985 23-Mar-2012 10:56

How would that be possible?

The net extender terminates on port X0(for example) and then dishes out an ip from the pool. In fact, I'm beginning to think it isn't possible at all :s

This is from our test TZ200

We normally just use the ip pool for users, however this is the one off problem where each user needs to have the same IP everytime :s

--If at first you don't succeed call it version 1.0--

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#598986 23-Mar-2012 11:00

What is the reason the user needs the same ip address every time?

Maybe there is a different approach to the problem where the user wouldn't need the same ip address.

jackk

53 posts

Master Geek

#598988 23-Mar-2012 11:01

i don't think it can do it... perhaps their SRA series of VPN appliance might be able to? sorry mate.

silver565

170 posts

Master Geek

#598990 23-Mar-2012 11:03

Yea that is what I'm thinking...

I only have access to TZ200s, NSA240s and 4500s. I may have a look and see what the latest firmware offers those models (5.8 is out now).

Thanks for your help anyway, much appreciated

--If at first you don't succeed call it version 1.0--

jackk

53 posts

Master Geek

#598996 23-Mar-2012 11:11

welcome!

your vendor should be able to give you some advice too. Perhaps they can even loan you something to play with.

silver565

170 posts

Master Geek

#598999 23-Mar-2012 11:12

I'm hoping that is the case :)
Not looking promising though. Their SSLVPN demo website (sonicwall) is modelled on a SRA 4200. It also doesn't seem to have the option.

Hopefully something pops up.. I'll be shocked if I'm the first one to ever want/try this

--If at first you don't succeed call it version 1.0--

AliExpress

Shop now on AliExpress (affiliate link).

jackk

53 posts

Master Geek

#599009 23-Mar-2012 11:28

Once a user logged into to the SRA appliance, it will create and store an user profile on the unit and from then on you can make some change base on each user, whether there is one for IP I am not quite sure. But perhaps there might be some other useful settings. All the best. :)

silver565

170 posts

Master Geek

#599014 23-Mar-2012 11:36

Thanks! much appreciated. I'll see what sonicwall comes back with

--If at first you don't succeed call it version 1.0--