Reset Search



KB45413 - Unable to allocate Ip address for, When more than one role is assigned to user's with Merge settings for all assigned roles

« Go Back


Last Modified Date9/28/2022 8:53 AM
This article explains the IP allocation issues when users are mapped to multiple VPN tunneling Roles.

The user access log says

VPN Tunneling: IPv4 address cannot be allocated to user XXXX. Solution: Check IPv4 Address Pools / DHCP server state.\

The Pulse Desktop client or Ivanti Client shows Waiting to connect " Unable to allocate IP"
Problem or Goal
The problem occurs when multiple Connection profiles configured with "Policy applies to all roles OTHER THAN those selected roles". 

When user being matched to multiple roles and  Merge settings for all assigned roles (Users > User realm > Role mapping) , among that role there will be one role which as stop processing at which the VPN will assign the IP from the pool configured for that role.

User-added image

When this stop processing role has a VPN/Connection profile configured under Users > Resource policy > Connection profiles with static IP pool range or DHCP and That rule is configured as "Policy applies to all roles OTHER THAN those selected roles".

User-added image

The selected column will not have all the roles mapped/matched to user.
This is the default Behavior with PCS and the solution for this issue is The selected column should contain all the roles which users are matched or mapped to.

User-added image

Also this can be configured as Policy applies to selected roles, selecting set of roles. That will assign the IP even one of the role users are mapped is missing. 

User-added image
Related Links

Attachment 1 
Created BySasikumar Manimaran



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255