>I have VPN users who connect to a Cisco ASA firewall, which authenticates >using radius off of Freeradius. I would like to enforce which IP addresses >users may connect from. Am I correct to assume the Radius server is the >best place to perform this? > >If so, what is the best way to go about doing this? Since our users.conf is >programitcally generated, hopefully the changing part of the configuration >can be isolated to this file? Below is an example login from the >free-radius server. I want to filter on "Calling-Station-Id", to enforce a >specified source IP which may vary by user. >
Just add Calling-Station-Id == users static IP address to the check line. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
