IP Pool for Ethernet
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Tue Mar 1 11:39:45 CET 2011
Hello Alan,
Yes, according to the documentation of the Juniper Gateway, the gateway should be able to understand the Radius attribute 8 "Framed-IP-Address" in the Access-Accept message, but it seems that it also need the attribute 88 " Framed-Pool".
This is described in "Concepts & Examples ScreenOS Reference Guide, User Authentication document", chapter "Framed Pool and Framed IP Address" page 26,
http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_UserAuth.pdf
And then the Gateway should be able to send this address in the IKEv2 configuration payload to the IPsec client (this ikev2 interface is already working with local address assignment in the gateway, we tested it).
Best regards,
Laurence
-----Original Message-----
From: freeradius-users-bounces+laurence.groebl=alcatel-lucent.com at lists.freeradius.org [mailto:freeradius-users-bounces+laurence.groebl=alcatel-lucent.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Dienstag, 1. März 2011 10:00
To: FreeRadius users mailing list
Subject: Re: IP Pool for Ethernet
Groebl, Laurence (Laurence) wrote:
> However I'd like the RADIUS server to assign this IP address and send it
> within the Access-Accept in the Framed-IP-Address attribute (to avoid
> configuring the IPsec Gateway with the tunnel address).
Does the gateway *understand* what it means to have an address in the
Access-Accept? If the documentation doesn't say it will work, then it
won't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list