Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Leonardo_Tessar
Participant

IP assignment for remote VPN

Hello,

I would like to assign an IP address to a user connected to remote VPN.

I've edited the $FWDIR/conf/ipassignment.conf file with below syntax and installed the security policy but it's not working.

GWIPADDR addr 192.168.99.250, dns=(10.1.1.1,10.1.1.2) user1

The IP address 192.168.99.250 is outside of my OM IP Pool (192.168.98.0/24)

I've checked the syntax with the command "vpn ipafile_check" and it seems correct:

line 0065 is OK. User="user1"

But the user keep getting an IP from my OM IP Pool instead of the specified IP address.

Here is the config on the cluster:

image.png

Any suggestion to solve my issue?

Thank you!

 

0 Kudos
Reply
7 Replies
Maarten_Sjouw
Champion
Champion

To my knowledge you cannot assign an IP outside the OM range.
Regards, Maarten
0 Kudos
Reply
Leonardo_Tessar
Participant

Initially I had assigned an IP of the OM range, then I read that the IP had to be external to the pool and so I changed it.
But the behavior is the same on both cases.


Btw I'm working on R80.20, was anyone else able to make this configuration work on this release?

0 Kudos
Reply
Andreas_Aust
Collaborator

Did you install the policy after editing ipassignment.conf ?

0 Kudos
Reply
Leonardo_Tessar
Participant

Of course I've installed the policies.

0 Kudos
Reply
Timothy_Hall
Champion
Champion

Instead of the GWIPADDR, try using the name of the firewall object instead, install policy and try again.  Note that if it is a cluster, it must be the name of the firewall object, not the cluster object.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Leonardo_Tessar
Participant

I've already tried different combo, including the name of the Security GW instead of the IP address, but nothing changed.

Yes, I used the firewall object name and not the cluster object. 

 

0 Kudos
Reply
Leonardo_Tessar
Participant

The issue was related to spacing.

It's mandatory to use tabs between fields, if you use spaces the config will be ignored.