Hello,
how can an IP address based SHL be used in a role mapping profile?
We want to assign a role based on the client IP address of a VPN client where the the Radius:IETF:Tunnel-Client-Endpoint attribute matches an entry in the (IP based) SHL.
This seems to work when using
Radius:IETF:Calling-Station-ID
as it allows to match on a SHL (belongs_to_group).
But we don´t get that attribute from the VPN gateway.
We only get Radius:IETF:Tunnel-Client-Endpoint
Essentially, VPN clients behind specified NAT IPs that connect to VPN gateways should get a dedicated role assigned.
Based on that role, enforcement should sent an attribute to the VPN gateway to treat those clients special.
Is there a way to make Radius:IETF:Tunnel-Client-Endpoint also match on entries in a SHL?
Thanks,
Christian