https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9207#M12534 <HTML><HEAD></HEAD><BODY><P>Hi Dameon,</P><P>Close - but not quite there. I have used the referenced SK to set up in the lab and the clients are getting the SAME ip address. This is so because the RADIUS server is dumb and is not controlling IP allocation.</P><P></P><P>My RADIUS server is sending the following&nbsp;</P><P>Framed-IP-Address - 192.168.48.0<BR />Framed-IP-Netmask - 255.255.255.0</P><P>Framed-Protocol - PPP</P><P></P><P>Each client to connect gets a PPP connection: their IP 192.168.48.0 and the gateway is correct at 192.168.100.2. Always the same...</P><P></P><P>I need the gateway itself to handle IP allocation as my Radius server cannot do IP pools. I can send the above attributes or even a string with the name of an IP pool, but the gateway must take this info and make its own decisions about IP's.</P><P></P><P>Is there a way for this to happen or will the Checkpoint Gateway always expect an IP from the radius server?&nbsp;</P><P></P><P>Thanks</P><P>Gary</P></BODY></HTML> Mon, 04 Mar 2019 13:39:08 GMT Gary_Napier 2019-03-04T13:39:08Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9205#M12532 <HTML><HEAD></HEAD><BODY><P>Hi folks,</P><P>Looking for a technology go/no go for this scenario: Can you please let me know if this will work.</P><P></P><P>R80.10 - RA VPN for 2 user groups:&nbsp;<BR />Group 1 will use the Endpoint client, be Windows based and will receive office mode IP's - already works.</P><P>Group 2 will use L2TP (shared secret string) and be Linux based. I would like them to receive custom IP's from a pool.</P><P></P><P>Both sets of users authenticate via a Radius server (with accounting). For Group 2, the radius server can send the IP pool name that they should be allocated from.&nbsp;</P><P></P><P>The Key here is that CheckPoint will hand out DHCP addresses&nbsp;instead of the Radius server - as with traditional RADIUS accounting..</P></BODY></HTML> Sun, 03 Mar 2019 22:14:39 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9205#M12532 Gary_Napier 2019-03-03T22:14:39Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9206#M12533 <HTML><HEAD></HEAD><BODY><P>Believe what you are looking for is:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43857" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk43857">How to configure RADIUS to assign Office Mode IP addresses</A>&nbsp;</P></BODY></HTML> Mon, 04 Mar 2019 10:08:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9206#M12533 PhoneBoy 2019-03-04T10:08:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9207#M12534 <HTML><HEAD></HEAD><BODY><P>Hi Dameon,</P><P>Close - but not quite there. I have used the referenced SK to set up in the lab and the clients are getting the SAME ip address. This is so because the RADIUS server is dumb and is not controlling IP allocation.</P><P></P><P>My RADIUS server is sending the following&nbsp;</P><P>Framed-IP-Address - 192.168.48.0<BR />Framed-IP-Netmask - 255.255.255.0</P><P>Framed-Protocol - PPP</P><P></P><P>Each client to connect gets a PPP connection: their IP 192.168.48.0 and the gateway is correct at 192.168.100.2. Always the same...</P><P></P><P>I need the gateway itself to handle IP allocation as my Radius server cannot do IP pools. I can send the above attributes or even a string with the name of an IP pool, but the gateway must take this info and make its own decisions about IP's.</P><P></P><P>Is there a way for this to happen or will the Checkpoint Gateway always expect an IP from the radius server?&nbsp;</P><P></P><P>Thanks</P><P>Gary</P></BODY></HTML> Mon, 04 Mar 2019 13:39:08 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9207#M12534 Gary_Napier 2019-03-04T13:39:08Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9208#M12535 <HTML><HEAD></HEAD><BODY><P>You can do IP assignment based on groups as described here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk33422" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk33422">Office Mode IP and ipassignment.conf file</A></P><P>However the actual subnet to assign IPs from must be specified in ipassignment.conf.</P><P>We do not support taking the subnet to assign IPs from via RADIUS.&nbsp;</P></BODY></HTML> Mon, 04 Mar 2019 15:06:00 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IP-pool-assignment-using-radius/m-p/9208#M12535 PhoneBoy 2019-03-04T15:06:00Z