Using Multiple IP Ranges; Configuring Group Expressions - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Using Multiple IP Ranges

Configuring Group Expressions

An IP Pool object can contain multiple, non-sequential IP ranges. You might need to use
multiple ranges to accommodate large numbers of RAS users in a VPN.

You can configure up to 256 IP ranges within a single IP Pool object. You can add any
number of IP Pool objects.

NOTE: Devices running ScreenOS 5.1 or earlier versions do not support multiple IP pool
ranges. When you include a multi-range IP pool object in a device configuration or VPN
for a device running ScreenOS 5.1 or earlier, the device automatically uses the first IP
range defined in the IP Pool object.

To modify or delete an IP range from an IP Pool object, you must first ensure that no IP
within the range is currently in use by any managed device. If you change or delete an IP
range that contains a used IP address, the device using the IP generates an error during
device update (error message appears with the Job Manager dialog box for the update).

In this example, you configure an IP pool with the ranges 1.1.1.1-1.1.1.10 and 2.2.2.2-2.2.2.20.

1. In the navigation tree, select Object Manager > IP Pools.
2. In the main display area, click the Add icon. The New IP Pool dialog box appears.
   Configure as follows:
   - For Name, enter L2TP User Group 1.
   - For Color, select orange.
   - For Comment, enter IPs for usergrp 1.
3. In the IP Pool dialog box, click the Add icon to configure the first IP pool range. The
   New IP Pool Name dialog box appears. Configure the Start IP and End IP, then click
   OK:
   - For Start IP, enter 1.1.1.1.
   - For End IP, enter 1.1.1.10.
4. In the IP Pool dialog box, click the Add icon to configure the second IP pool range.
   The New IP Pool Name dialog box appears. Configure the Start IP and End IP, then
   click OK:
   - For Start IP, enter 2.2.2.2.
   - For End IP, enter 2.2.2.20.
5. Click OK again to save the IP Pool object and return to Object Manager.

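A pre-change check for the constraints described above, as an added example (not part of the guide and not an NSM API): it validates a pool definition against the 256-range limit, shows how many addresses a device running ScreenOS 5.1 or earlier can actually use, and lists in-use addresses that an edited pool would no longer cover. The function names, the (major, minor) version tuples and the in-use address list are assumptions; how you collect the in-use addresses is up to you.

```python
import ipaddress

MAX_RANGES = 256  # per-pool limit stated in the guide

# The ranges from the guide's example; the in-use addresses are constructed sample data.
EXAMPLE_RANGES = [("1.1.1.1", "1.1.1.10"), ("2.2.2.2", "2.2.2.20")]
SAMPLE_IN_USE = ["2.2.2.15", "1.1.1.4"]

def parse_pool(ranges):
    """Validate [(start, end), ...] and return it as IPv4Address pairs."""
    if not 1 <= len(ranges) <= MAX_RANGES:
        raise ValueError(f"an IP pool holds 1 to {MAX_RANGES} ranges, got {len(ranges)}")
    pool = []
    for start, end in ranges:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            raise ValueError(f"start {lo} is above end {hi}")
        pool.append((lo, hi))
    return pool

def effective_ranges(pool, screenos_version):
    """ScreenOS 5.1 or earlier uses only the first range defined in the pool."""
    # Assumption: the version is given as a (major, minor) tuple.
    return pool[:1] if tuple(screenos_version)[:2] <= (5, 1) else pool

def capacity(pool):
    """Number of addresses the given ranges can hand out."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in pool)

def covers(pool, address):
    """True if the address falls inside any range of the pool."""
    ip = ipaddress.IPv4Address(address)
    return any(lo <= ip <= hi for lo, hi in pool)

def stranded_addresses(old_pool, new_pool, in_use):
    """In-use addresses the current pool covers but the edited pool would not."""
    lost = [a for a in in_use if covers(old_pool, a) and not covers(new_pool, a)]
    return sorted(lost, key=ipaddress.IPv4Address)

if __name__ == "__main__":
    pool = parse_pool(EXAMPLE_RANGES)
    for version in [(5, 1), (6, 3)]:  # hypothetical device versions
        print(version, "usable addresses:", capacity(effective_ranges(pool, version)))
    # Proposed edit: shrink the second range to 2.2.2.2-2.2.2.10.
    edited = parse_pool([("1.1.1.1", "1.1.1.10"), ("2.2.2.2", "2.2.2.10")])
    print("still in use, do not update yet:", stranded_addresses(pool, edited, SAMPLE_IN_USE))
```

An empty result from `stranded_addresses` means the range change does not remove any address from the supplied in-use list; a non-empty result names the addresses that would trigger the device update error described above.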
Group expressions are statements that set conditions for authentication requirements,
enabling you to combine multiple external user objects. You can create group expressions

Copyright © 2010, Juniper Networks, Inc.