Introduction

SecureAuth IdP RADIUS Server version 2.2.19+ can be configured to pass an IP address to the VPN for static IP assignment to the VPN client (e.g. PC or Mac). This configuration enables the administrator to control static IP assignment of the VPN client via SecureAuth IdP and the RADIUS server.

See the latest version of the SecureAuth IdP RADIUS Server Integration Guide.

Prerequisites
  • SecureAuth IdP version 9.0+ with Authentication API configured and enabled on the realm
  • SecureAuth IdP RADIUS Server v2.2.19+ configured and successfully authenticating end-users
  • Active Directory or LDAP attribute to store the static IP address to be assigned to the VPN client – this IP address must fall within the client IP pool assigned on the VPN

Instructions in this document pertain to Cisco ASA with AnyConnect Mobility Client.

Note that other VPN clients may not support mapping static IP addresses, and/or the names of the fields to be mapped may differ from the ones specified in this document.

SecureAuth IdP Configuration Steps
Data

 

1. On the Data tab of the SecureAuth IdP Web Admin, in the Profile Fields section, select a Property and map it to the designated AD attribute that contains the static IP address to be assigned to the VPN client

In this example using Cisco ASA with AnyConnect Mobility Client, the homePhone attribute contains the static IP address in Active Directory, and Aux ID 8 is selected to be mapped to that attribute

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

API
API Key

 

2. On the API tab, in the API Key section, select Enable API for this realm

3. Click Generate Credentials to create a new Application ID and Application Key

API Permissions

 

4. In the API Permissions section, select Enable Authentication API

5. Select User Management - add / update / retrieve users and their properties

Click Save once the configurations have been completed and before leaving the API page to avoid losing changes

SecureAuth RADIUS Server Admin Console Configuration Steps
RADIUS Clients

 

1. On the SecureAuth RADIUS Server Admin Console, select Add Client on the RADIUS Clients tab

 

2. In the Add RADIUS Client section, add a Client Name and Client IP Address

3. In the SecureAuth IdP Settings section, select the realm and authentication workflow end-users will use

4. In the Custom Attribute Mapping section, click the "+" sign to add a row

5. In the IdP field, enter the Property selected on the Data tab

In this example using Cisco ASA with AnyConnect Mobility Client, auxId8 is entered since Aux Id 8 is mapped to the static IP address

6. Enter 0 (zero) for the Vendor ID

7. Enter the value of the Attribute to be used for access requests

In this example using Cisco ASA with AnyConnect Mobility Client, enter 8 since Attribute 8 is the Framed-IP-Address value used to request the IP address from the NAS server

8. Select the Attribute Field Type from the dropdown

Field Type selections:
  • string – Variable-length string field used for printable text strings
  • date – UNIX timestamp in seconds, as of January 1, 1970 GMT
  • octets – Variable-length string field used for binary data
  • short – Two-byte integer
  • integer – Unsigned 32-bit integer
  • ipaddr – IPv4 address
  • ipv6addr – IPv6 address

9. Click Add Client
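
The prerequisite that the stored address fall within the VPN client pool can be checked before users connect. The following is an added example, not SecureAuth code: it validates each directory value, flags duplicates, and shows the bytes an ipaddr field with attribute number 8 carries on the wire. The user names, addresses, pool (written as CIDR) and function names are assumptions constructed for illustration.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8  # attribute number entered in step 7 (Vendor ID 0)


def encode_framed_ip(value, pool):
    """Return the 6-byte attribute (type, length, IPv4) or raise ValueError."""
    addr = ipaddress.ip_address(value.strip())
    if addr.version != 4:
        raise ValueError(f"{value!r}: Framed-IP-Address carries IPv4 only")
    if addr not in ipaddress.ip_network(pool):
        raise ValueError(f"{value!r}: outside client pool {pool}")
    # RFC 2865 layout: type (1 byte) | length (1 byte) | address (4 bytes)
    return struct.pack("!BB4s", FRAMED_IP_ADDRESS, 6, addr.packed)


def audit_assignments(users, pool):
    """Check each user's stored value; return (encoded, problems) dicts."""
    encoded, problems, owner = {}, {}, {}
    for user, value in users.items():
        try:
            avp = encode_framed_ip(value, pool)
        except ValueError as exc:
            problems[user] = str(exc)
            continue
        if avp in owner:  # two accounts must not share one static address
            problems[user] = f"duplicate of {owner[avp]}"
            continue
        owner[avp] = user
        encoded[user] = avp
    return encoded, problems


# Constructed sample data: values as they might be read from homePhone.
SAMPLE_USERS = {
    "alice": "10.10.50.21",
    "bob": "10.10.50.21",   # same address as alice
    "carol": "10.10.60.5",  # not in the pool
    "dave": "555-0100",     # leftover phone number
}
SAMPLE_POOL = "10.10.50.0/24"  # assumed VPN client pool, written as CIDR

if __name__ == "__main__":
    ok, bad = audit_assignments(SAMPLE_USERS, SAMPLE_POOL)
    for user, avp in ok.items():
        print(user, avp.hex())  # alice 08060a0a3215
    for user, reason in bad.items():
        print(user, "REJECTED:", reason)
```

Because the attribute used in this example was originally a phone-number field, a check like this also catches accounts where the old value was never replaced with an address.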
