Technical Tip: NAS-IP support per SSL-VPN realm
Description
This article describes how to configure a NAS-IP in an SSL VPN realm, which overrides the NAS-IP configured in the RADIUS authentication server settings.
Solution
RADIUS authentication settings.
In the RADIUS settings, 172.31.128.33 is configured as the NAS-IP.







An SSL VPN realm called 'HR' is now configured, and it overrides the NAS-IP with '172.31.128.100'.
The settings below apply to the SSL VPN realm 'HR'. This option can be used when customers want to segregate departments or groups by NAS-IP address.
The RADIUS server authenticates and authorizes based on this information.
Each RADIUS server can be configured with multiple NAS-IPs for authenticating different groups and NAS clients.

FortiClient configuration.
The login URL for SSL VPN is https://172.31.128.33:10443/hr

The user connection is established:

Logs.
The NAS-IP 172.31.128.100, configured in the SSL VPN realm 'HR', overrides the NAS-IP in the RADIUS configuration.
The debug output for 'fnbamd' is shown below.

Sniffer.
In the ACCESS-REQUEST, the NAS-IP attribute carrying the IP configured in the SSL VPN realm is visible.
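To check a captured Access-Request without reading the sniffer output by eye, the following added example (not part of the original article, and not Fortinet code) parses the RADIUS attributes per RFC 2865 and reports the NAS-IP-Address (attribute type 4). The sample packets are constructed inline, and the user name `hruser` is a hypothetical value.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1      # RADIUS packet code, RFC 2865
NAS_IP_ADDRESS = 4      # attribute type, RFC 2865 section 5.4

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20          # attributes start after the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def nas_ip(packet: bytes):
    """NAS-IP-Address of an Access-Request as a string, or None if absent."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    for a_type, value in attrs:
        if a_type == NAS_IP_ADDRESS:
            if len(value) != 4:
                raise ValueError("NAS-IP-Address must be 4 octets")
            return str(ipaddress.IPv4Address(value))
    return None

def build_sample(nas: str, user: bytes = b"hruser") -> bytes:
    """Constructed Access-Request (zeroed authenticator, no password)."""
    attrs = bytes([1, 2 + len(user)]) + user                      # User-Name
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas).packed
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs

REALM_NAS_IP = "172.31.128.100"    # realm 'HR' override from the article
SERVER_NAS_IP = "172.31.128.33"    # NAS-IP in the RADIUS server settings

if __name__ == "__main__":
    for sample in (build_sample(REALM_NAS_IP), build_sample(SERVER_NAS_IP)):
        seen = nas_ip(sample)
        print(seen, "realm override applied" if seen == REALM_NAS_IP else "server default")
```

For a real capture, pass the UDP payload of the Access-Request to `nas_ip()` in place of the constructed sample.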

