Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Get static ip from active directory

  • 1.  Get static ip from active directory

    Posted Apr 19, 2020 02:18 PM

    Hello all;

     

    Using ClearPass 6.7 against Active Directory.

     

    I am working on a request to provide static IP addresses to a number of VPN users that need to be added to vendor whitelists for various reasons. My first thought was to use the "static IP" field in the dial-in tab exposed in AD, but unfortunately that address is stored internally as a 32-bit integer and ClearPass requires a dotted quad.

     

    My new plan is to use one of the AD extension attributes instead, and write a quick and dirty wrapper for the helpdesk to use. But before I do that, I was just curious if anyone else has come up with a better solution?

     

    I've also considered applying a common user role with a NAT firewall rule, but I'm not fond of having a shared IP floating around the network.
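
The integer-versus-dotted-quad mismatch and the helpdesk wrapper described in the post above, sketched as an added example that is not part of the original post or any ClearPass or AD tooling. The pool `10.50.8.0/24`, the function names and the assumption that AD may hand back the value as a signed 32-bit integer are all assumptions made for illustration.

```python
import ipaddress

# Assumed pool reserved for statically addressed VPN users (constructed value).
STATIC_POOL = ipaddress.ip_network("10.50.8.0/24")


def ad_int_to_dotted(value):
    """Convert the 32-bit integer form of an address to a dotted quad.

    Assumption: the directory may return a signed value, so addresses at or
    above 128.0.0.0 arrive negative and are wrapped back into unsigned range.
    """
    value = int(value)
    if not -2**31 <= value < 2**32:
        raise ValueError(f"not a 32-bit value: {value}")
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def dotted_to_ad_int(dotted):
    """Inverse conversion: dotted quad to a signed 32-bit integer."""
    n = int(ipaddress.IPv4Address(dotted))
    return n - 2**32 if n >= 2**31 else n


def validate_assignment(user, dotted, existing):
    """Check a helpdesk-entered address before it is written to a text attribute.

    existing maps usernames to addresses already assigned. Returns the
    normalised dotted quad, or raises ValueError if the input is malformed,
    outside the static pool, or already held by another user.
    """
    addr = ipaddress.IPv4Address(dotted.strip())  # raises on malformed input
    reserved = (STATIC_POOL.network_address, STATIC_POOL.broadcast_address)
    if addr not in STATIC_POOL or addr in reserved:
        raise ValueError(f"{addr} is not a usable address in {STATIC_POOL}")
    for other, assigned in existing.items():
        if other != user and ipaddress.IPv4Address(assigned) == addr:
            raise ValueError(f"{addr} is already assigned to {other}")
    return str(addr)


if __name__ == "__main__":
    current = {"bob": "10.50.8.21"}  # constructed sample assignments
    print(validate_assignment("alice", " 10.50.8.20 ", current))
    print(ad_int_to_dotted(-1062731510))
```

Rejecting duplicates and out-of-pool addresses at entry time keeps a mistyped value from reaching a vendor whitelist or colliding with another user's session.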



  • 2.  RE: Get static ip from active directory

    Posted Apr 29, 2020 11:26 PM

    It is unclear what you're wanting to accomplish...are you trying to authenticate VPN users with CPPM?



  • 3.  RE: Get static ip from active directory

    Posted Apr 30, 2020 08:41 AM

    Yes. What I wanted to do was assign a static IP to a VPN user who was authenticating with CPPM using AD as the authentication source.

     

    It works if you use a text attribute in AD to hold the IP address (say description, or extensionattribute1, etc.). I was just looking to see if anyone had come up with a more elegant way to do it.

     

    Andrew



  • 4.  RE: Get static ip from active directory

    Posted Apr 30, 2020 08:47 AM

    You could store it in CPPM as an endpoint attribute. Then give your help desk read access to the endpoint repository. However, I'm not sure that I am answering your question.

     

    Sounds like you may need an IPAM system.