How to assign a Static IP Address to an L2TP VPN Client using RADIUS/LDAP Server

When connecting to a Gen 7 Firewall from an L2TP VPN Client, L2TP over IPsec VPN feature can be configured to either assign a dynamic IP Address to the Client from an IP pool or assign a static IP Address to the Client using a RADIUS/LDAP Server. This KB Article assumes that the Firewall Administrator is already familiar with the following configurations mentioned in the below-listed KB. If not it's important for the Firewall Administrator to familiarize it as the steps described in this KB would need them as pre-requisites:

• L2TP VPN Configuration
• Configuring RADIUS authentication for Global VPN Clients with Network Policy and Access Server
• How to integrate LDAP/Active Directory user authentication?

1. In the Microsoft Server Active Directory Users and Computers, right-click and open the properties dialogue box of the user to whom a static IP needs to be assigned

2. On the properties dialogue box, click on Dial-in tab

3. Enable Control Access through NPS Network Policy under Network Access Permission
4. Click on Static IP Addresses... under Assign Static IP Addresses
5. Enable Assign a static IPv4 Address: and key in the IP Address like the example below. Ensure that the IP address is within the network scope of X0 LAN but excluded from any DHCP Static/Dynamic Scopes and also doesn't conflict with any manually addressed workstation IPs in the X0 LAN. This step concludes the configuration needed for the Windows RADIUS Server

6. Navigate to SonicOS Contemporary Gui > Network > IPsec VPN > L2TP Server > Settings > Configure > L2TP User Settings 
7. Enable IP address provided by RADIUS/LDAP Server
8. Drop down the User group for L2TP users and set it to Trusted Users and Save. This step concludes the configuration needed on the SonicWall Firewall

9. Navigate to SonicOS Contemporary Gui > Device > Users > Settings > Authentication > Configure RADIUS > Test and test the RADIUS Username to validate the expected test output for 'Framed IP Address' as shown in the example below:

10. Connect from a workstation or mobile device using built-in L2TP VPN with Pre-Shared Key configuration and the client would get the RADIUS Server assigned IP for PPP Adapter as shown in the example below: