SRX

Hi,

Could anyone know whether we can assign a static private ip for dynamic client other than using raduis server? i have got three different users and all of them are in different subnet. So if i can assign an ip to the user from the subnet where they belongs to then they can be restricted to access only the protected resources which comes to their subnet only. I have seen we can use different ip pools in cisco but i was wondering could it be possible in juniper as well?

Kind Regards,

Praveen

Hi,

no one knows anything? 😞

Yes, it is possible with Juniper Steel Belted Radius server to configure and return ipaddress from its pool.

Regards,

Raveen

You do not want to use radius server!

What do you mean by dynamic client, are you talking about a dhcp client?

Hi Raveen,

Thanks for your reply.

Yes i dont want to use radius server. I meant dynamic vpn users as dynamic client.  I have dynamic vpn set up in SRX100b but was trying to get a solution to assign a static ip for the dynamic  vpn users without using seperate radius server.

Kind Regards,

Praveen

Hi Praveen,

Yes you can configure ip pools and assign ip-addreses dynamically for vpn clients.

------------------

[edit access]
user@srx-1# show address-assignment
pool dynamic-pool{
    family inet{
        network 10.10.10.0/24;
        range dynamic-range{
            low 10.10.10.129;
            high 10.10.10.254;
        }
        xauth-attributes{
            primary-dns 4.2.2.2/32;
        }..

-------

BTW are you using Junos Pulse as VPN client?

Note: If this answers your question, you could mark this as accepted solution that way it benefits others as well. Kudos will be cool if I earned it!

Regards,

Raveen

Hi Raveen,

From that config all the vpn client gets ip from that same pool. Is there anyway i can create seperate pool for different users? If we cant make more than one pool then is it possible to assign a permenant ip for vpn users from one pool?

I am using Juniper Access Manager.

Yes it is possible to assign a static IP address to dynamic VPN user, 

read and try this, hope it will help: 

    dynamic-vpn {
        access-profile access-profile1;
        clients {
            all {
                remote-protected-resources {
                    x.x.x.x/x;
                }
                remote-exceptions {
                    0.0.0.0/0;
                }
                ipsec-vpn dynamic-ipsec;
                user {
                    user1;
                    user2;
                }
            }
        }
    }
}
access {
    profile access-profile1 {
        client user1{
            firewall-user {
                password "$9$IExRrvx7VY4Zdb.P"; ## SECRET-DATA
            }
            xauth{
                      ip-address 192.168.0.1/24
           }
        }
        client user2 {
            firewall-user {
                password "$9$aaJi.Qz6Au1n/re"; ## SECRET-DATA
            }
             xauth{
                      ip-address 192.168.1.2/24
             }
        }
       
    }
    firewall-authentication {
        web-authentication {
            default-profile access-profile1;
        }
    }
}

Hi Raveen,

Thank you very much . It would work...  

Hi, 

You marked my answer as the solution, 

and you thanked Raveen 😄 😉

Thank you Abdellah!

Regards,

Raveen

Hi Abdellah,

I assumed that was from Raveen but now reliazed it was from you...   Thanks both of you... 

Kind Regards,

Praveen

Thank you guys 🙂