14 Oct
2008
14 Oct
'08
5:50 p.m.
I have VPN users who connect to a Cisco ASA firewall, which authenticates using radius off of Freeradius. I would like to enforce which IP addresses users may connect from. Am I correct to assume the Radius server is the best place to perform this?
If so, what is the best way to go about doing this? Since our users.conf is programitcally generated, hopefully the changing part of the configuration can be isolated to this file? Below is an example login from the free-radius server. I want to filter on "Calling-Station-Id", to enforce a specified source IP which may vary by user.
Just add Calling-Station-Id == users static IP address to the check line. Ivan Kalik Kalik Informatika ISP