Created on 09-06-2005 12:00 AM
Description | How to reserve IP addresses for FortiClient dial-in users when using DHCP-over-IPSec. |
Components |
|
Steps or Commands | You can reserve dedicated IP addresses for FortiClient dial-in users when the "Acquire virtual IP address" method is configured for DHCP-over-IPSec. You can configure this for some or all of the FortiClient dial-in users. This provides:
To do this, configure the internal DHCP server (not the FortiGate unit) to bind an IP address to a client's MAC address. Use the MAC address of the physical network interface card on the PC that has FortiClient installed and will be connecting to the FortiGate unit. You can obtain the PC's MAC address by running

Note that you do not have to configure the reservation on the FortiGate unit, as this is a built-in feature of the DHCP protocol itself.

Tip: When you add or define a new IP reservation on your DHCP server, delete the active lease for this IP address so that the reservation can take effect upon the next connection.

Once the reservation is made on the DHCP server (and the lease cleared for this IP address), the next time the FortiClient dials in, the PC acquires the reserved IP address as an IPSec Virtual IP.

Below is a configuration example of an IP reservation configured on a Linux dhcpd server, where IP address 10.100.0.13 is reserved for PC 'trublion', which will VPN dial-in with FortiClient. The internal subnet is 10.100.0.0/24 and addresses from 10.100.0.1 - 10.100.0.31 are assigned through DHCP.

    # cat /etc/dhcpd.conf
    shared-network labtest {
      subnet 10.100.0.0 netmask 255.255.255.0 {
        host trublion {
        }
      }
    }
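The Tip about clearing the active lease, as an added example (not Fortinet's code): a Python check that reads host reservations from dhcpd.conf text and flags any reserved address that dhcpd.leases still shows as actively leased to a different MAC. The MAC addresses, the lease entries and the function names are constructed for illustration, and the lease syntax assumed is that of ISC dhcpd.

```python
import re
# Constructed sample: the page's reservation; the MAC is a placeholder (RFC 7042 documentation range).
DHCPD_CONF = """
shared-network labtest {
  subnet 10.100.0.0 netmask 255.255.255.0 {
    range 10.100.0.1 10.100.0.31;
    host trublion { hardware ethernet 00:00:5E:00:53:0D; fixed-address 10.100.0.13; }
  }
}
"""
# Constructed dhcpd.leases excerpt: 10.100.0.13 is still held by another client.
DHCPD_LEASES = """
lease 10.100.0.13 {
  binding state active;
  next binding state free;
  hardware ethernet 00:00:5e:00:53:aa;
}
lease 10.100.0.20 {
  binding state free;
  hardware ethernet 00:00:5e:00:53:bb;
}
"""
MAC = re.compile(r"hardware\s+ethernet\s+([0-9a-f:]+)\s*;", re.I)

def blocks(keyword, text):
    """Return (name, body) for each '<keyword> <name> { body }' declaration."""
    return re.findall(r"\b" + keyword + r"\s+(\S+)\s*\{([^}]*)\}", text)

def reservations(conf):
    """Return {ip: (hostname, mac)} for each host block that pins a fixed-address."""
    out = {}
    for name, body in blocks("host", conf):
        mac = MAC.search(body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if mac and ip:
            out[ip.group(1)] = (name, mac.group(1).lower())
    return out

def stale_leases(conf, leases):
    """List (ip, hostname, lease_mac): reserved IPs actively leased to another MAC."""
    res, stale = reservations(conf), []
    for ip, body in blocks("lease", leases):
        mac = MAC.search(body)
        active = re.search(r"^\s*binding\s+state\s+active\s*;", body, re.M)
        if ip in res and active and mac and mac.group(1).lower() != res[ip][1]:
            stale.append((ip, res[ip][0], mac.group(1).lower()))
    return stale

if __name__ == "__main__":
    print(stale_leases(DHCPD_CONF, DHCPD_LEASES))
```

Each tuple it returns names a lease to delete on the DHCP server before the FortiClient PC next dials in.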
Copyright 2024 Fortinet, Inc. All Rights Reserved.