Network Architecture
Provide 2 x IP addresses on the Dept. subnet for VPN appliance/node addressing (contiguous preferred)
VPN client IP address allocation

Dept. should consider using a maskable range for easy ACLs, and to ensure adequate quantity to cover expected department’s concurrent VPN users.

IP address allocation
Campus VPN servers will allocate IP addresses to clients. Addresses not need to be contiguous.
Dept. DHCP server will allocate IP addresses to clients
DNS preferences (optional)

If desired, department-specific DNS settings can be pushed to VPN clients. 

Group Tagger Managers

We will request a new Group Tagger group created for you from Identity. Your dept. needs to specify who will administer group membership - membership in the group is used for Role Mapping, which presents the Dept. network role choice to user after authentication on the VPN. 

Optional preferences

(idle, max, reminder) if something other than default is desired. Defaults are: idle: 60 min, max session 720 min, reminder 5 min.