Remote Access VPN Address Assignment Policy

The threat defense device can use an IPv4 or IPv6 policy for assigning IP addresses to Remote Access VPN clients. If you configure more than one address assignment method, the threat defense device tries each of the options until it finds an IP address.

IPv4 or IPv6 Policy

You can use the IPv4 or IPv6 policy to assign an IP address to remote access VPN clients. You must try the IPv4 policy first, followed by the IPv6 policy.

  • Use Authorization Server—Retrieves the address from an external authorization server on a per-user basis. If you are using an authorization server that has IP addresses configured, we recommend using this method. Address assignment is supported by RADIUS-based authorization servers only. It is not supported for AD/LDAP. This method is available for both IPv4 and IPv6 assignment policies.

  • Use DHCP—Obtains IP addresses from a DHCP server configured in a connection profile. You can also define the range of IP addresses that the DHCP server can use by configuring DHCP network scope in the group policy. If you use DHCP, configure the server in the Objects > Object Management > Network pane. This method is available for IPv4 assignment policies.

    For more information about DHCP network scope configuration, see Group Policy General Options.

  • Use an internal address pool—Internally configured address pools are the easiest method of address pool assignment to configure. If you use this method, create the IP address pools in the Objects > Object Management > Address Pools pane and select them in the connection profile. This method is available for both IPv4 and IPv6 assignment policies.

  • Allow reuse an IP address so many minutes after it is released—Delays the reuse of an IP address after its return to the address pool. Adding a delay helps to prevent problems firewalls can experience when an IP address is reassigned quickly. By default, the delay is set to zero. If you want to extend the delay, enter the number of minutes in the range of 0–480 to delay the IP address reassignment. This configurable element is available for IPv4 assignment policies.
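
The effect of the reuse delay on an internal address pool can be seen in a small model. This is an added example, not code from the threat defense device or from this documentation; the class, the function names, the single-address pool 10.99.0.1 and the user names are constructed for illustration. With a delay of 0 the next client inherits a just-released address immediately, while with a 30-minute delay the address is withheld until the delay has elapsed.

```python
from collections import deque
from ipaddress import ip_address

MAX_DELAY_MIN = 480  # upper bound of the documented 0-480 minute range


class AddressPool:
    """Toy model of an internal IPv4 pool with a reuse delay (not device code)."""

    def __init__(self, first, last, reuse_delay_min=0):
        if not 0 <= reuse_delay_min <= MAX_DELAY_MIN:
            raise ValueError("reuse delay must be 0-480 minutes")
        self.delay = reuse_delay_min
        lo, hi = int(ip_address(first)), int(ip_address(last))
        self.free = deque(str(ip_address(n)) for n in range(lo, hi + 1))
        self.cooling = deque()  # (minute_released, address), oldest first
        self.leases = {}        # user -> address currently held

    def _reclaim(self, now):
        # Return addresses to the free list once their delay has elapsed.
        while self.cooling and now - self.cooling[0][0] >= self.delay:
            self.free.append(self.cooling.popleft()[1])

    def assign(self, user, now):
        self._reclaim(now)
        if not self.free:
            return None  # nothing assignable from this pool right now
        self.leases[user] = self.free.popleft()
        return self.leases[user]

    def release(self, user, now):
        self.cooling.append((now, self.leases.pop(user)))


def reuse_after_disconnect(delay_min):
    """alice leaves at minute 10; bob connects at 11, carol at 45."""
    pool = AddressPool("10.99.0.1", "10.99.0.1", delay_min)  # constructed pool
    pool.assign("alice", now=0)
    pool.release("alice", now=10)
    return pool.assign("bob", now=11), pool.assign("carol", now=45)


if __name__ == "__main__":
    for delay in (0, 30):
        print(delay, reuse_after_disconnect(delay))
```

A longer delay keeps released addresses out of circulation, so size the pool for the expected connection churn when raising it.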