How to assign a Static IP Address to an L2TP VPN Client using RADIUS/LDAP Server
07/22/2024
0 People found this article helpful
298 Views
Description
When connecting to a Gen 7 Firewall from an L2TP VPN Client, L2TP over IPsec VPN feature can be configured to either assign a dynamic IP Address to the Client from an IP pool or assign a static IP Address to the Client using a RADIUS/LDAP Server. This KB Article assumes that the Firewall Administrator is already familiar with the following configurations mentioned in the below-listed KB. If not it's important for the Firewall Administrator to familiarize it as the steps described in this KB would need them as pre-requisites:
Resolution
1. In the Microsoft Server Active Directory Users and Computers, right-click and open the properties dialogue box of the user to whom a static IP needs to be assigned
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704895947.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
2. On the properties dialogue box, click on Dial-in tab
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704946933.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
3. Enable Control Access through NPS Network Policy under Network Access Permission
4. Click on Static IP Addresses... under Assign Static IP Addresses
5. Enable Assign a static IPv4 Address: and key in the IP Address like the example below. Ensure that the IP address is within the network scope of X0 LAN but excluded from any DHCP Static/Dynamic Scopes and also doesn't conflict with any manually addressed workstation IPs in the X0 LAN. This step concludes the configuration needed for the Windows RADIUS Server
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704375138.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
6. Navigate to SonicOS Contemporary Gui > Network > IPsec VPN > L2TP Server > Settings > Configure > L2TP User Settings
7. Enable IP address provided by RADIUS/LDAP Server
8. Drop down the User group for L2TP users and set it to Trusted Users and Save. This step concludes the configuration needed on the SonicWall Firewall
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704967182.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
9. Navigate to SonicOS Contemporary Gui > Device > Users > Settings > Authentication > Configure RADIUS > Test and test the RADIUS Username to validate the expected test output for 'Framed IP Address' as shown in the example below:
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704161027.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
10. Connect from a workstation or mobile device using built-in L2TP VPN with Pre-Shared Key configuration and the client would get the RADIUS Server assigned IP for PPP Adapter as shown in the example below:
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090240704962884.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTMxODYyMTksImlhdCI6MTcyMTY1MDIxOX0.I7rmMUcY8Qopkiyc-QmzPczoNDdgnPX6sZqjvQFZE1I)
Related Articles
Categories
Was This Article Helpful?
YES
NO