09-29-2015 02:49 AM
could someone help with IAP VPN, please?
Basically I have IAP terminating VPN on controller and once controller is with AP license and second time without AP license.
1. controller with license:
If I add IAP to to whitelist-db rap I'll se that IAP will get Remote-IP configured over whitelist. This remote-IP is pingable and I am even able to ssh on IAP over VPN tunnel created.
My question is if I am able to reach some other subnets behind this tunnel on customer side? For example I have client conneted to IAP SSID and this subnet is bridged locally on customer site. Or am I able to reach just remote-ip of IAP?
2. controller without license:
According to my info for IAP <-> Controller VPN termination no licenses are needed (if I take in account that I do not want to change default VPN role or policies inside of the role).
According to my test I see on controller that VPN tunnel has been setup but I am not able to reach anything from DC through this tunnel on customer site. Even not IAP itself.
So my question is, do I need licenses in case I would like to reach some suctomer subnet behind tunnel?
Can I ssh to IAP?
THX for help