Geekzone: technology news, blogs, forums




165 posts

Master Geek


Topic # 99617 23-Mar-2012 08:53

I've got two possible ways I can think of doing this in my head. 

Scenario. User connects through a SonicWall device via SSL VPN and gets a static IP every time, despite what device they come from. (i.e. user ABC always gets an IP of 10.1.1.50 despite what device he/she connects from)

1. LDAP somehow supplies the IP from a DHCP server behind the SonicWall
2. The SonicWall somehow supplies the static IP on the interface that the NetExtender is connected to.

Does anyone know if something like this is possible? 

Thanks!

53 posts

Master Geek


  Reply # 598969 23-Mar-2012 10:38

Are you currently using LDAP authentication or local?

Either way I think you will be able to set up different user groups and classify the users accordingly from there, and control their access from then on. Sorry I can't be more specific, it's been more than 8 months since I last touched a SonicWall, but I am quite sure I have done something similar to this before by using user groups.

You might want to look up the admin guide for that specific model; there is usually some good info. Or if your SonicWall is under support contract, try to log a support call and those guys should be able to guide you through using Log Me In.

Cheers
Jackson 



165 posts

Master Geek


  Reply # 598971 23-Mar-2012 10:41

Hi Jackson, thanks for your reply

I'll give the user groups idea a go. I'm setting up a test environment with 2008 & AD. I'll see what I can find.

I'll let you know if I'm successful

Thanks again! 

 
 
 
 


53 posts

Master Geek


  Reply # 598975 23-Mar-2012 10:46

Good luck!

Back then I set up different user groups. Group 1 might have access to the SSL VPN portal only; from then on they get to their "bookmarks" that allow them to get to Citrix or terminal server, webmail. And group 2 might have access to a few more "bookmarks" to RDP to different servers. And lastly group 3 will have full access to the LAN by using SSL VPN NetExtender. Something along those lines. :)



165 posts

Master Geek


  Reply # 598978 23-Mar-2012 10:50

Ah see that is different to what I'm trying to do.

I'm using the NetExtender (the client that you download) and the SonicWall Mobile Connect application. The idea is that if a user logs in from an iPad they get an IP address of 10.1.1.2 (for example). They will then get the same IP address if they log in from a different device using the NetExtender or Mobile Connect service.

User ABC logs in from iPad --> 10.1.1.2
User ABC logs in from Samsung Galaxy Tab --> 10.1.1.2
User ABC logs in from computer with NetExtender --> 10.1.1.2

So whatever device a user logs in from, the same address is always given. Call it an IP reservation for a user, rather than a MAC address that you would give on Windows Server.

53 posts

Master Geek


  Reply # 598981 23-Mar-2012 10:52

And you then grant access based on that static IP by using firewall rules?



165 posts

Master Geek


  Reply # 598985 23-Mar-2012 10:56

How would that be possible?

The NetExtender terminates on port X0 (for example) and then dishes out an IP from the pool. In fact, I'm beginning to think it isn't possible at all :s

This is from our test TZ200 



We normally just use the IP pool for users, however this is the one-off problem where each user needs to have the same IP every time :s

8029 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 598986 23-Mar-2012 11:00

What is the reason the user needs the same IP address every time?

Maybe there is a different approach to the problem where the user wouldn't need the same IP address.

53 posts

Master Geek


  Reply # 598988 23-Mar-2012 11:01

I don't think it can do it... perhaps their SRA series of VPN appliances might be able to? Sorry mate.



165 posts

Master Geek


  Reply # 598990 23-Mar-2012 11:03

Yea that is what I'm thinking...

I only have access to TZ200s, NSA240s and 4500s. I may have a look and see what the latest firmware offers those models (5.8 is out now).

Thanks for your help anyway, much appreciated  

53 posts

Master Geek


  Reply # 598996 23-Mar-2012 11:11

Welcome!

Your vendor should be able to give you some advice too. Perhaps they can even loan you something to play with.



165 posts

Master Geek


  Reply # 598999 23-Mar-2012 11:12

I'm hoping that is the case :)
Not looking promising though. Their SSL VPN demo website (SonicWall) is modelled on an SRA 4200. It also doesn't seem to have the option.

Hopefully something pops up.. I'll be shocked if I'm the first one to ever want/try this 

53 posts

Master Geek


  Reply # 599009 23-Mar-2012 11:28

Once a user has logged in to the SRA appliance, it will create and store a user profile on the unit, and from then on you can make some changes based on each user; whether there is one for IP I am not quite sure. But perhaps there might be some other useful settings. All the best. :)



165 posts

Master Geek


  Reply # 599014 23-Mar-2012 11:36

Thanks! Much appreciated. I'll see what SonicWall comes back with.
