Hello Alan, Yes, according to the documentation of the Juniper Gateway, the gateway should be able to understand the Radius attribute 8 "Framed-IP-Address" in the Access-Accept message, but it seems that it also need the attribute 88 " Framed-Pool".
This is described in "Concepts & Examples ScreenOS Reference Guide, User Authentication document", chapter "Framed Pool and Framed IP Address" page 26, http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_UserAuth.pdf And then the Gateway should be able to send this address in the IKEv2 configuration payload to the IPsec client (this ikev2 interface is already working with local address assignment in the gateway, we tested it). Best regards, Laurence -----Original Message----- From: freeradius-users-bounces+laurence.groebl=alcatel-lucent....@lists.freeradius.org [mailto:freeradius-users-bounces+laurence.groebl=alcatel-lucent....@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Dienstag, 1. März 2011 10:00 To: FreeRadius users mailing list Subject: Re: IP Pool for Ethernet Groebl, Laurence (Laurence) wrote: > However I'd like the RADIUS server to assign this IP address and send it > within the Access-Accept in the Framed-IP-Address attribute (to avoid > configuring the IPsec Gateway with the tunnel address). Does the gateway *understand* what it means to have an address in the Access-Accept? If the documentation doesn't say it will work, then it won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
