Before configuring a PPP connection profile, you should be familiar with your network IP address management strategy. This strategy influences many of the decisions throughout the configuration process including your authentication strategies, security considerations, and TCP/IP settings.
Typically, the local and remote IP addresses defined for an originator profile will be defined as Assigned by remote system. This enables the administrators on the remote system to have control over the IP addresses that will be used for the connection. Almost all connections to Internet service providers (ISPs) will be defined this way, although many ISPs can offer fixed IP addresses for an additional fee.
If you define fixed IP addresses for either the local or remote IP address, be sure that the remote system is defined to accept the IP addresses you have defined. One typical application is to define your local IP address as a fixed IP address and the remote to be assigned by the remote system. The system you are connecting to can be defined the same way, so when you connect, the two systems will exchange IP addresses with each other as a way to learn the IP address of the remote system. This might be useful for one office calling another office for temporary connectivity.
Another consideration is whether you want to enable IP address masquerading. For example, if the system connects to the Internet through an ISP, this can allow an attached network behind the system to access the Internet. Basically, the system hides the IP addresses of the systems on the network behind the local IP address assigned by the ISP, thus making all IP traffic appear to be from the system. There are also additional routing considerations, both for the systems on the LAN (to ensure their Internet traffic is sent to the system) and for the system itself, where you need to enable the Add remote system as the default route box.
Receiver connection profiles have many more IP address considerations and options than the Originator Connection Profile does. How you configure the IP addresses depends on the IP address management plan for your network, your specific performance and functional requirements for this connection, and the security plan.
For a single receiver profile, you can define a unique IP address or use an existing local IP address on your system to identify the end of the PPP connection. For receiver profiles defined to support multiple connections at the same time, use an existing local IP address. If no existing local IP addresses are present, you can create a virtual IP address for this purpose.
There are many options for assigning remote IP addresses to PPP clients. The following options can be specified on the TCP/IP page of the receiver connection profile.
If you want the remote system to be considered part of the LAN, you should configure IP address routing, specify an IP address within the IP address range for LAN-attached systems, and verify that IP forwarding has been enabled for both this connection profile and the system.
Option | Description |
---|---|
Fixed IP address | You define the single IP address that is to be given to remote users when they dial in. This is a host only IP address (Subnet mask is 255.255.255.255) and is only for single connection receiver profiles. |
Address Pool | You define the starting IP address and then the number of additional IP addresses to define. Each user that connects will then be given a unique IP address within the defined range. This is a host only IP address (Subnet mask is 255.255.255.255) and is only for multiple connection receiver profiles. |
RADIUS | The remote IP address and its subnet mask will be determined by the RADIUS server. This is only if the following is defined: |
DHCP | The remote IP address is determined by the DHCP server directly or indirectly through DHCP relay. This is only if DHCP support has been enabled from the Remote Access Server services configuration. This is a host only IP address (Subnet mask is 255.255.255.255). |
Based on remote system's user ID | The remote IP address is determined by the user ID defined for the remote system when it is authenticated. This allows the administrator to assign different remote IP addresses (and their associated subnet masks) to the user that dials in. This also allows additional routes to be defined for each of these user IDs, so that you can tailor the environment to the known remote user. Authentication must be enabled for this function to work properly. |
Define additional IP addresses based on remote system's user ID | This option allows you to define IP addresses based on the user ID of the remote system. This option is automatically selected (and must be used) if the remote IP address assignment method is defined as Based on remote system's user ID. This option is also allowed for IP address assignment methods of Fixed IP address and Address Pool. When a remote user connects to the system, a search will be made to determine if a remote IP address is defined specifically for this user. If it is, then that IP address, mask, and set of possible routes will be used for the connection. If the user is not defined, the IP address will default to the defined Fixed IP address or the next Address Pool IP address. |
Allow remote system to define its own IP address | This option allows a remote user to define their own IP address if they negotiate to do so. If they do not negotiate to use their own IP address, the remote IP address will be determined by the defined remote IP address assignment method. This option is initially disabled and careful consideration should be used before enabling it. |
IP address routing | The dial-up client and the system must have IP address routing properly configured if the client needs access to any IP addresses on the LAN to which the system belongs. |
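
The assignment order the table describes (a negotiated address only when allowed, then a per-user definition, then the fixed or pool address) can be modelled together with a check of the table's constraints. This is an added example, not code from the product or its documentation; the dictionary layout, key names, and function names are hypothetical, and the behaviour on pool exhaustion or an undefined user is an assumption.

```python
import ipaddress

HOST_MASK = "255.255.255.255"  # host-only mask the table gives for fixed and pool addresses

def lint_profile(p):
    """Check a receiver profile (hypothetical dict layout) against the table's rules."""
    findings = []
    multi = p.get("max_connections", 1) > 1
    if p["method"] == "fixed" and multi:
        findings.append("fixed address is only for single connection profiles")
    if p["method"] == "pool" and not multi:
        findings.append("address pool is only for multiple connection profiles")
    if p["method"] == "user_id" and not p.get("authentication"):
        findings.append("user-ID based assignment requires authentication")
    if p.get("allow_remote_defined"):
        findings.append("remote system may define its own address; review before use")
    return findings

def assign_remote_ip(p, user_id, in_use, negotiated=None):
    """Return (address, mask, source) for one incoming connection."""
    # A negotiated address is honoured only when the profile allows it.
    if negotiated and p.get("allow_remote_defined"):
        return negotiated, None, "remote-defined"  # mask handling is not described on the page
    # A definition for this user ID takes precedence over the fixed or pool address.
    entry = p.get("per_user", {}).get(user_id)
    if entry:
        return entry["ip"], entry["mask"], "user-id"
    if p["method"] == "fixed":
        return p["fixed_ip"], HOST_MASK, "fixed"
    if p["method"] == "pool":
        first = ipaddress.ip_address(p["pool_start"])
        # Starting address plus the configured number of additional addresses.
        for i in range(p["pool_additional"] + 1):
            candidate = str(first + i)
            if candidate not in in_use:
                return candidate, HOST_MASK, "pool"
        raise RuntimeError("address pool exhausted")  # assumption: not stated on the page
    raise LookupError(f"no address defined for user {user_id!r}")  # assumption

# Constructed sample profile using documentation-range addresses.
PROFILE = {
    "method": "pool", "max_connections": 4, "authentication": True,
    "pool_start": "192.0.2.10", "pool_additional": 2,
    "per_user": {"branch1": {"ip": "192.0.2.50", "mask": "255.255.255.0"}},
    "allow_remote_defined": False,
}
```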