Fixed IP for SSL VPN Login

Hello,

One of our service providers logs in with SSL VPN to monitor one of his devices (PBX) system.

He is complaining that he sometimes gets a different IP address (probably when he logs in again).

I looked into the configuration of the firewall, DHCP, etc.

Currently everything seems to be encapsulated and AFAIK the configurable DHCP service is not used to assign IPs for VPN users (maybe it is used internally but I do not find it in the GUI).

The solution should be persistent to firmware updates if possible.

Is there a way to assign a dedicated IP address to an SSL-VPN user or the corresponding Device (MAC address)?

Best regards,

Bernd


  • Hi Bernd,

    Unfortunately, it is not possible to lease a static IP address to a remote access user connected through SSL VPN. However, you can use a static remote access IP for L2TP, PPTP and IPSec by defining the IP address in the specific User definition.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Bernd, instead of SSL VPN Remote Access, the ideal method for such a usage case is the HTML5 VPN Portal.

    Why does he need a fixed address?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    He needs a fixed IP in order to define the correct rules for the monitoring / firewall on their site.

    Using an HTML5 VPN Portal is not an option. They need remote access to talk to some agent and/or shell on their devices.

    Best regards,
    Bernd

  • In our case we want to control access to internal resources by remote user login. Specifically, on an internal webserver (we use Apache) I want to deny access to a virtualhost from some users and allow access from others - in Apache this can only be done based on remote IP.

    The only way to do this is by remote user IP - currently, that changes frequently.

  • I recently did the following for a client...

    Say the user is named John:

    1. Put an Additional Address [John] on the Internal interface.
    2. Create a NAT rule like

    SNAT : John (User Network) -> Web Surfing -> {Apache server} : from Internal [John] (Address)

    Note the difference between the "Internal [John] (Address)" and "John (User Network)" objects.  Have Apache key off the IP of the "Internal [John] (Address)" object.

    Cheers - Bob

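
Added example, not part of the thread and not Sophos configuration: the Apache 2.4 side of the SNAT approach described in the last reply, where the virtual host admits only the translated address. The address 192.0.2.10, the hostname, the port and the paths are constructed placeholders standing in for the "Internal [John] (Address)" object and the protected site.

```apache
# Added example; every address, name and path here is a placeholder.
# 192.0.2.10 = the additional address "Internal [John] (Address)" that the
# firewall's SNAT rule applies to traffic from "John (User Network)".
<VirtualHost *:80>
    ServerName restricted.example.internal
    DocumentRoot "/var/www/restricted"

    <Directory "/var/www/restricted">
        # mod_authz_host: admit only the SNAT source address. Any other
        # client, including untranslated SSL VPN pool addresses, gets 403.
        Require ip 192.0.2.10
    </Directory>

    # Record the client address (%a) so each request can be matched
    # against the firewall's NAT log for the same time window.
    LogFormat "%a %l %u %t \"%r\" %>s %b" snat_src
    CustomLog "logs/restricted_access.log" snat_src
    ErrorLog "logs/restricted_error.log"
</VirtualHost>
```

Apache only ever sees the translated address, so the firewall's SNAT rule is what ties that address to the user: keep the additional address out of every other NAT rule and interface binding, otherwise other traffic translated to it receives the same access.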