Security

Reply
Contributor I

IP based static host list usage

Hello,

 

how can an IP address based SHL be used in a role mapping profile?

 

We want to assign a role based on the client IP address of a VPN client where the the Radius:IETF:Tunnel-Client-Endpoint attribute matches an entry in the (IP based) SHL.

 

This seems to work when using

Radius:IETF:Calling-Station-ID

as it allows to match on a SHL (belongs_to_group).

 

But we don´t get that attribute from the VPN gateway.

We only get Radius:IETF:Tunnel-Client-Endpoint

 

Essentially, VPN clients behind specified NAT IPs that connect to VPN gateways should get a dedicated role assigned.

Based on that role, enforcement should sent an attribute to the VPN gateway to treat those clients special.

 

Is there a way to make Radius:IETF:Tunnel-Client-Endpoint also match on entries in a SHL?

 

Thanks,

Christian

 

 

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: