
Default Group Address Pool for Access Server

Abstract

This document explains Access Server's default group address pool functionality and provides tips for using it with cluster setups.

This topic explains how the default group address pool functionality works in Access Server and offers tips for setting it up with your network.

How the default group address pool works on Access Server

A user assigned to a group will be assigned an IP address from the group's default address pool. If a subnet is defined on the group, that will be used instead. If neither is defined, an error message will result.

Important

A subnet's first and last IP addresses are reserved for use by the Access Server itself.

For example, suppose you have the subnet 192.0.2.0/24 and four connected clients. Access Server assigns these IP addresses:

  1. 192.0.2.2

  2. 192.0.2.3

  3. 192.0.2.4

  4. 192.0.2.5

Note

In our documentation, we use example IPv4 addresses and subnets reserved for documentation, such as 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24.

Ensure you replace them with valid IPv4 addresses and subnets for your network(s).

Default group address pool on standalone Access Servers

The process for a user looks like this:

  1. Create the user in the Admin Web UI.

  2. Assign the user to a group that doesn't have its own group subnet defined.

  3. When the user connects, Access Server assigns an IP address from the group default IP address network subnet.

If you then define access for that user to other subnets using routing or NAT, Access Server grants access without issue. Because only one Access Server uses this subnet, a single route is enough for routing to function properly.

One server = one group address pool.

Default group address pool on a cluster of Access Servers

Access Server handles the default group address pool differently in a cluster setup.

The administrator can assign unique group default address subnets to each node. That way, routing can be set up to direct packets to the correct subnets.

This table helps provide an example:

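| Node       | User   | Group   | Subnet          | IP address   |
|------------|--------|---------|-----------------|--------------|
| Alpha node | User A | Group 1 | 192.0.2.0/24    | 192.0.2.2    |
| Beta node  | User B | Group 1 | 198.51.100.0/24 | 198.51.100.2 |
| Gamma node | User C | Group 1 | 203.0.113.0/24  | 203.0.113.2  |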

Now, each cluster node has its own VPN network and VPN clients. A single subnet is no longer shared by all nodes. Because each node uses a unique subnet, routing now works on cluster configurations where previously only NAT worked.
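
The following Python sketch is an added example, not Access Server code. It checks a per-node subnet plan like the one in the table above for overlaps, lists the addresses left for clients, and resolves which node a client address belongs to, as a route or firewall rule keyed on source subnet would. The node names and function names are hypothetical, and it assumes the reserved "first and last" addresses are the first and last host addresses of the subnet, which matches the example where clients start at .2.

```python
import ipaddress
from itertools import combinations

# Constructed plan mirroring the page's table (documentation-only subnets).
NODE_SUBNETS = {
    "alpha": "192.0.2.0/24",
    "beta": "198.51.100.0/24",
    "gamma": "203.0.113.0/24",
}


def client_pool(subnet):
    """Addresses left for VPN clients in one subnet.

    Assumption: the reserved "first and last" addresses are the first and
    last host addresses (.1 and .254 in a /24), which matches the page's
    example where clients start at .2.
    """
    hosts = list(ipaddress.ip_network(subnet).hosts())
    return hosts[1:-1]


def find_overlaps(plan):
    """Return sorted node-name pairs whose subnets overlap."""
    nets = {node: ipaddress.ip_network(s) for node, s in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def node_for(ip, plan):
    """Return the single node whose subnet contains ip, as a route would."""
    addr = ipaddress.ip_address(ip)
    owners = [n for n, s in plan.items() if addr in ipaddress.ip_network(s)]
    if len(owners) != 1:
        raise ValueError(f"{ip} maps to {len(owners)} nodes: {owners}")
    return owners[0]


if __name__ == "__main__":
    print("overlaps:", find_overlaps(NODE_SUBNETS))
    for node, subnet in NODE_SUBNETS.items():
        pool = client_pool(subnet)
        print(f"{node}: {subnet} clients {pool[0]}-{pool[-1]} ({len(pool)})")
    print("198.51.100.2 ->", node_for("198.51.100.2", NODE_SUBNETS))
```

An empty result from find_overlaps means every client source address maps to exactly one node, so per-node routes and any access rules written against those subnets stay unambiguous.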