Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 4
Registered: ‎11-19-2014

Static route to allow WiFi users to access service on internal network

Hi all,

My company uses AP105s with virtual controller assigned IPs.

Users can access secure mail on their wireless device via cellular Internet service.

The mail service is Natted 65.x.x.x to 208.x.x.x. on the external router

 

When users connect to the AP105's WiFi on the internal network, they cannot access

the mail service. So I take it a NAT loopback is not allowed on the external router?

 

Can I create a static route on the AP105s to resolve this?

I've attached simple diagram to illustrate.

Thanks!

 

 

 

Aruba
Posts: 1,635
Registered: ‎04-13-2009

Re: Static route to allow WiFi users to access service on internal network

[ Edited ]

Are your clients resolving the 65.x.x.x IP for the mail server rather than the 208.x.x.x address?  If so, you could setup a rule on your user role that will destination NAT your requests to the internal IP (208.x.x.x) rather than the resolvable external 65.x.x.x.

 

The following shows all traffic for the host destination NAT'd; but you could get more granular.

 

iap-redirect-acl1.png

 

iap-redirect-acl2.png

 

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 4
Registered: ‎11-19-2014

Re: Static route to allow WiFi users to access service on internal network

Clembo,

Thank you very, very much for the reply.

What you said and illustrated is exactly what I need to do, but I don't see any

option on the AP105s to do so.

 

The rules only have  Allow/Deny a service to a server or network.

I don't see any that allow a re-route/redirect.

Your illustration looks more advanced that what I have when I go to the rules.

I've attached a pic showing an example of what I see.

 

I'm on OS 6.1.2.3-2.0.0.3_31389.

 

Do I need an OS upgrade to get those redirect options perhaps?

 

Thanks

Aruba
Posts: 1,635
Registered: ‎04-13-2009

Re: Static route to allow WiFi users to access service on internal network

You'll need to upgrade to a newer Instant OS.   I don't know what version introduced those features.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 4
Registered: ‎11-19-2014

Re: Static route to allow WiFi users to access service on internal network

Clembo,

 

OK, I will upgrade and respond back.

 

Thanks!

New Contributor
Posts: 4
Registered: ‎11-19-2014

Re: Static route to allow WiFi users to access service on internal network

Clembo,

 

The IOS devices can access the server internally now. Our vendor worked with us.

 

It was still a good idea to upgrade the OS though and I did so.

I added appropriate allow/port rules and it's working now.

 

Thanks!

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: