All posts tagged security

Absolute Secure Access and IPv6

Absolute Secure Access (formerly NetMotion Mobility) is a premium enterprise secure remote access solution with deep user and application insight supporting Windows, Mac, iOS (iPhone and iPad), and Android devices. Although Absolute Secure Access supports IPv6 for remote network connections and client IP address assignment, the latter is not enabled by default. Administrators must make additional changes to the configuration to assign IPv6 addresses to their clients so they can access resources inside the tunnel using IPv6.

DHCPv6 and SLAAC

Absolute Secure Access supports DHCPv6 and Stateless Address Autoconfiguration (SLAAC) methods for assigning IPv6 addresses to connected clients. Although IPv6 client addressing is not enabled by default, it is quick and easy to configure.

Note: Absolute Secure Access does not currently support static IPv6 prefix assignment.

Enable IPv6

To enable IPv6 global support for all Absolute Secure Access clients, open the Secure Access management console and navigate to Configure > Client Settings > Virtual Address > Allocation Method: IPv6. Administrators can choose to support either DHCPv6 alone or DHCPv6 and SLAAC. After making a selection, click the Apply button to save the changes.

Once configured, Absolute Secure Access clients will be assigned an IPv6 address and can access IPv6 resources over the Secure Access tunnel.

Split Tunneling

If you have configured the Absolute Secure Access policy for split tunneling, ensure you have included your internal IPv6 prefix(es) defined in the split tunneling policy.

Additional Information

NetMotion Mobility is now Absolute Secure Access

Absolute Secure Access Zero Trust Network Access (ZTNA)

What’s New in Absolute Secure Access v13

Absolute Secure Access Features and Capabilities

Absolute Secure Access Advanced Features In Depth

Enterprise Zero Trust Network Access (ZTNA) and VPN

Leave a comment
by Richard M. Hicks on March 14, 2024  •  Permalink
Posted in Absolute, Absolute Secure Access, Absolute Software, administration, Enterprise, enterprise mobility, Infrastructure, IPv6, Mobility, NetMotion, NetMotion Mobility, NetMotion Software, Operational Support, Remote Access, Security, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022, Zero Trust, Zero Trust Network Access, ZTNA
Tagged , , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 14, 2024

https://directaccess.richardhicks.com/2024/03/14/absolute-secure-access-and-ipv6/

Always On VPN Ask Me Anything (AMA) March 2024

Do you have questions about Always On VPN? Are you having a specific issue you can’t figure out? Would you like more information about configuration options? Here’s your chance to get your questions answered! Join me on Tuesday, March 26, at 10:00 AM PDT (UTC -7) for an opportunity to ask me anything (AMA!) about Microsoft Windows Always On VPN and related technologies.

The AMA will be an open forum session where we can all talk shop about Always On VPN. It’s a great chance to learn new things and share experiences with your peers. We’ll discuss known issues and limitations, best practices, and more.

Everyone is welcome. Don’t miss out on this excellent opportunity to connect and learn. Register now!

Can’t make the session? Register anyway, and I’ll send you the link to the recording as soon as it is available!

Leave a comment
by Richard M. Hicks on March 12, 2024  •  Permalink
Posted in Always On VPN, AMA, AOVPN, enterprise mobility, learning, Microsoft, Mobility, Remote Access, Security, VPN
Tagged , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on March 12, 2024

https://directaccess.richardhicks.com/2024/03/12/always-on-vpn-ask-me-anything-ama-march-2024/

Always On VPN Static IP Address Assignment

A question that occasionally arises when I’m conducting an Always On VPN planning and design workshop for a customer is static IP address assignment options for VPN connections. Typically, the use case is a specific user that requires special access to a sensitive system internally. Assigning a static IP address to the user allows administrators to create firewall rules restricting access to this connection.

Static IP Assignment

Assigning a static IP address to a user is accomplished by editing the properties of their user account in Active Directory. Open the Active Directory Users and Computers console (dsa.msc), navigate to the Dial-in tab on the target individual’s Active Directory user account, and check the box next to Assign Static IP Addresses.

Next, click the Static IP Addresses button, check the box next to Assign a Static IPv4 address, and enter an IP address. Optionally, check the box next to Assign a static IPv6 address and enter a prefix and Interface ID, if required.

NPS Configuration

Once the user account in Active Directory is configured with a static IP address assignment, each NPS server in the organization must be registered in Active Directory. More details on Active Directory registration for NPS servers can be found here.

Caveats

Assigning static IP addresses to VPN users has many drawbacks and limitations. Consider the following.

Device IP

Assigning a static IP address to a device is not supported. You can only assign a static IP address to a user in Active Directory.

Address Assignment

The IP address you assign to the user must be from the same subnet as the VPN server’s internal network interface. If there is more than one VPN server, all VPN servers must be on the same subnet.

Multisite

Assigning static IP addresses to users is not supported when VPN servers are deployed in multiple locations.

Concurrent Sessions

Users with a static IP address assignment must only log on to one device at a time. If a user attempts to log in to multiple devices simultaneously, subsequent connections will fail due to the duplicate IP address assignment.

NPS

Always On VPN administrators may have discovered the option to assign a static IP address using NPS policy. Unfortunately, this option is severely limited. A separate NPS policy is needed for each user that requires a static IP address. However, NPS does not support assigning NPS policies to users, only groups. Technically speaking, you could create a separate group for each user needing a static IP address, but that’s not scalable. Also, it offers no real advantage over using the Active Directory method described above.

Summary

Although it’s possible to assign a static IP address to a user, there is currently no option to assign a static IP address to a device. In addition, static IP address assignment imposes other limitations that make the option challenging. Also, the inability to connect to geographically dispersed VPN servers is severely limiting.

Additional Information

Always On VPN and NPS Active Directory Registration

Always On VPN Client IP Address Assignment Methods

Always On VPN and IPv6

Leave a comment
by Richard M. Hicks on February 19, 2024  •  Permalink
Posted in Active Directory, administration, Always On VPN, AOVPN, authentication, Deployment, Enterprise, enterprise mobility, Infrastructure, IPv6, Microsoft, Mobility, multisite, network policy server, NPS, Operational Support, Remote Access, routing and remote access service, RRAS, Security, user tunnel, VPN, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Tagged , , , , , , , , , , ,

Posted by Richard M. Hicks on February 19, 2024

https://directaccess.richardhicks.com/2024/02/19/always-on-vpn-static-ip-address-assignment/

« Older Posts
Newer Posts »