MSM7xx Controllers Configuration Guide v6.4.0
The address pool contains all the IP addresses that can be assigned to users. You can define up
to 30 addresses. Addresses must be valid for the network to which the Internet port is connected.
Specify a single address or an address range as follows: address1 - address2. For example, the
following defines a range of 20 addresses: 192.168.1.1-192.168.1.20
This feature can only be used with authenticated, access-controlled users.
To reduce the number of addresses that need to be defined, the controller will use the same address
for multiple users as long as they are establishing a connection with different VPN servers.
Use this feature when all of the following conditions are true:
• Users intend to make IPSec or PPTP VPN connections with a remote site via the Internet port
on the controller.
• NAT is enabled on the controller. (In its default configuration, NAT translates all IP addresses
on the local network to a single public IP address: the address assigned to the Internet port
on the controller. As a result, all user sessions to an external resource appear to originate from
the same IP address. This can cause a problem with remote VPN servers that require a unique
IP address for each user session.)
• The remote VPN server requires that each user have a unique IP address.
NOTE: External devices cannot initiate connections with users via the address assigned by this
feature.
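The pool rules and the address-sharing behavior described above can be checked offline before a pool is entered on the controller. The following is an added example, not code from the guide or the controller firmware: it parses pool entries, enforces the 30-address limit, and models address reuse. The function and class names, the first-fit assignment order, and the treatment of "valid for the network" as membership in the Internet port's subnet are assumptions.

```python
import ipaddress

MAX_POOL = 30  # pool size limit stated in the guide


def parse_pool(entries, internet_net):
    """Expand entries ("addr" or "addr1-addr2") into a validated address list."""
    net = ipaddress.ip_network(internet_net)  # assumed: Internet port subnet
    pool = []
    for entry in entries:
        first, _, last = (part.strip() for part in entry.partition("-"))
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last) if last else lo
        if hi < lo:
            raise ValueError(f"reversed range: {entry}")
        if int(hi) - int(lo) >= MAX_POOL:
            raise ValueError(f"range exceeds {MAX_POOL} addresses: {entry}")
        for n in range(int(lo), int(hi) + 1):
            addr = ipaddress.ip_address(n)
            if addr not in net:
                raise ValueError(f"{addr} is not on {net}")
            if addr not in pool:
                pool.append(addr)
    if len(pool) > MAX_POOL:
        raise ValueError(f"pool has {len(pool)} addresses, limit is {MAX_POOL}")
    return pool


class OneToOneNat:
    """Model: users share an address only when they use different VPN servers."""

    def __init__(self, pool):
        self.pool = pool
        self.in_use = {}  # (pool address, VPN server) -> user

    def assign(self, user, vpn_server):
        server = ipaddress.ip_address(vpn_server)
        for addr in self.pool:  # first-fit order is an assumption
            if (addr, server) not in self.in_use:
                self.in_use[(addr, server)] = user
                return str(addr)
        return None  # every pool address already faces this server


def demo():
    # Constructed sample: two-address pool, documentation-range VPN servers.
    nat = OneToOneNat(parse_pool(["192.168.1.1-192.168.1.2"], "192.168.1.0/24"))
    sessions = [("alice", "203.0.113.10"), ("bob", "198.51.100.7"),
                ("carol", "203.0.113.10"), ("dave", "203.0.113.10")]
    return [nat.assign(user, server) for user, server in sessions]
```

In the sample, the second user shares the first pool address because the VPN server differs, while the fourth user gets no address: the pool size caps the number of simultaneous users per remote VPN server.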
Assigning addresses to users
To make use of this feature, each user account must have the VPN one-to-one NAT option enabled.
Do this as follows:
• If using the local user accounts (defined on the Controller >> Users menu), enable the VPN
one-to-one NAT option in the account profile or subscription plan that is assigned to the user.
See “Defining account profiles” (page 357) and “Defining subscription plans” (page 358).
• If using Active Directory, enable the VPN one-to-one NAT option in the account profile (see
“Defining account profiles” (page 357)) that is assigned to an Active Directory group (see
“Configuring an Active Directory group” (page 371)).
• If using a RADIUS server, add the following Colubris AV-Pair value to the user's account:
one-to-one-nat=1. For more information on setting attributes, see “Default user one-to-one
NAT” (page 474) and “One-to-one NAT” (page 486).
516 Working with VPNs










