CatalinStefanel
New Member
March 5, 2018
Question

IPSec VPN - How to Assign IP to user


Hello,

 

Is there a way to assign a specific IP to a user rather than taking one from the pool of IPs? So the user can have only a specific IP every time it connects to the VPS and other users to be able to take IPs from the pool except the dedicated IP assigned for that user.

 

If additional information is required (like software/hardware version) please let me know.

    2 replies

    rwpatterson
    New Member
    March 5, 2018

    Welcome to the forums.

     

    Reserve the MAC address in the DHCP scope that gives IPs out to the SSL VPN clients. This way the user will always get the same IP address.

    CatalinStefanel
    New Member
    March 5, 2018

    Hi rwpatterson and thank you :)

     

    What if I remotely connect to the VPN from home to the VPN server in the office? From my basic networking knowledge, the MAC address thing won't help. If it does, excuse my question and I'll try that.

     

    Long story short, I'm a remote employee who has to connect to a Forti IPSec VPN which is in the office and I need a specific IP each time I log in. For example:

    The IPs are 89.89.89.201-207. I need to get 89.89.89.201 each time I log in and the rest of the employees should get any other IPs 89.89.89.202-207 except 201.

    rwpatterson
    New Member
    March 5, 2018

    CatalinStefanel wrote:

    Hi rwpatterson and thank you :)

     

    What if I remotely connect to the VPN from home to the VPN server in the office? From my basic networking knowledge, the MAC address thing won't help. If it does, excuse my question and I'll try that.

     

    Long story short, I'm a remote employee who has to connect to a Forti IPSec VPN which is in the office and I need a specific IP each time I log in. For example:

    The IPs are 89.89.89.201-207. I need to get 89.89.89.201 each time I log in and the rest of the employees should get any other IPs 89.89.89.202-207 except 201.

    I have my laptop set to have a certain IP address when I log into my Fortigate at home through the SSL VPN. I then have policies that permit my single laptop to get to my servers. At one time, I allowed others to use my SSL VPN to access some other restricted locations, but not my servers. This worked as desired for me.

     

    config system dhcp reserved-address
        edit 1
            set ip 192.168.138.20
            set mac 21:21:5c:85:ff:d1
        next
        edit 2
            set ip 192.168.139.20
            set mac 21:21:5c:85:ff:d1
        next
    end

    192.168.139.20 is my LAN segment and 192.168.138.20 is my SSL VPN segment. Now you are using IPSec. Your mileage may differ.

    ericli_FTNT
    Staff
    March 5, 2018

    Hi there,

    I suggest you create a new IPSEC policy for your specific IP reservation.

    http://cookbook.fortinet.com/ipsec-vpn-forticlient/

    At step 3, "Routing and policy", specify your own IP. And create 202-207 in another IPSEC later.
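
The two-tunnel approach suggested in the last reply, written out as FortiOS CLI. This is an added example, not part of the thread or of Fortinet's cookbook. The tunnel names, interface `wan1`, peer IDs, user groups and pre-shared key values are assumptions; using aggressive mode with a peer ID to tell the two dial-up tunnels apart is also an assumption about how the gateway selects a tunnel.

```text
# Added example: all names and secrets below are placeholders.
# Tunnel 1 hands out only 89.89.89.201 and accepts only the reserved user's group.
config vpn ipsec phase1-interface
    edit "vpn-reserved"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype one
        set peerid "reserved-user"
        set mode-cfg enable
        set ipv4-start-ip 89.89.89.201
        set ipv4-end-ip 89.89.89.201
        set ipv4-netmask 255.255.255.255
        set xauthtype auto
        set authusrgrp "grp-reserved"
        set psksecret PLACEHOLDER-PSK-1
    next
# Tunnel 2 serves everyone else from 89.89.89.202-207.
    edit "vpn-pool"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype one
        set peerid "staff"
        set mode-cfg enable
        set ipv4-start-ip 89.89.89.202
        set ipv4-end-ip 89.89.89.207
        set ipv4-netmask 255.255.255.255
        set xauthtype auto
        set authusrgrp "grp-staff"
        set psksecret PLACEHOLDER-PSK-2
    next
end
config vpn ipsec phase2-interface
    edit "vpn-reserved-p2"
        set phase1name "vpn-reserved"
    next
    edit "vpn-pool-p2"
        set phase1name "vpn-pool"
    next
end
```

The fixed address identifies the user only as long as `grp-reserved` contains that one account, so firewall policies keyed on 89.89.89.201 should reference the `vpn-reserved` interface as well as the source address.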