Request for comment

Steve Goldhaber goldy at CISCO.COM
Mon Jan 29 20:11:36 EST 2001

You might want to use the RADIUS server to assign the IP
addresses. If you use the AssignIPRADIUS keyword in the VPN
Group, the RADIUS server will assign an IP address for that user.
Since RADIUS servers can be configured to allow multiple
simultaneous logins from a user, I assume they can also assign
multiple IP addressses. However, I do not know how to do that with
Steel Belted RADIUS. I do know that we have other governmant-lab
customers who use the AssignIPRADIUS keyword to track users
in real time.

> Greetings,
> We have set up a VPN service using the Cisco VPN5008 (formerly Compatible
> IntraportEnterprise8).  Our network architecture consisted of a VPN5008
> (i.e. VPN Server), a Steel Belted RADIUS (Radius Server) and an Oracle
> database (Oracle DB).
> We used the static VPN group in the VPN Server, because we wanted to have
> the ability to monitor VPN users logging onto the VPN network.  The static
> VPN group option pre-assigned a fixed IP address for each user.  Using the
> static IP address option, we were able to make one and only one VPN
> connection to the VPN Server for every static account that we created.
> Our desire was to have multiple login sessions from the same account and at
> the same time have the ability to monitor the account that VPN users used
> (in real-time, not via log files).  At the moment, we can solve this
> problem with the VPN group option, (i.e. define a user as a group with a
> number of IP addresses that we needed) but we would be interested in
> hearing if others have ideas for different ways of solving this problem.
> Thank you,
> Vu Dao

Steve Goldhaber               Cisco Systems
goldy at     
(303) 444-9532

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list