ArubaOS and Controllers

Occasional Contributor I

split tunnel setup

I am attempting to configure split tunneling for a RAP setup, but am running into a problem when configuring the policy. I am creating an alias for the destination to point to our internal network. In the documentation I have, it says to set up a network and make the IP address the public IP address of the controller. I am attempting to do that, but when I put the address and mask in I get the following error:
error adding/editing netdestination:invalid ip address/netmask

The IP address and netmask are absolutely correct; it is a 208. public address with a netmask of 255.255.255.128. Any help would be appreciated.
Aruba

split tunnel setup

Can you please paste in the snippet of configuration you are working on.

If you are pointing to your 'internal' network then you would not use a public / 208 addr.

Typically a split tunnel user data policy looks something like this, where 10.0.0.0 is your internal addressing:

!
user network 10.0.0.0 any permit
user any any route src-nat
!
Occasional Contributor I

Re: split tunnel setup

That's where I am lost; in the user guide I am using, it states:

Under the alias section, click New. Enter a name in the Destination Name field.
a. Click Add.
b. For Rule Type, select Network.
c. Enter the public IP address of the controller.
d. Enter the Network Mask/Range.
e. Click Add to add the network range.
f. Click Apply. The new alias appears in the Destination menu.

So should I use the public IP or the private IP of the controller?
Aruba

split tunnel setup

Which version and page are you looking at? I will read and recommend changes if needed ;)

Alias for the internal network (of any flavor) should not point to a public IP address.
Occasional Contributor I

Re: split tunnel setup

It is from the user guide for 6.0, titled ArubaOS 6.0. Read down through the split tunneling section and you will find it. I will try pointing to the inside of the NAT with the 10. address of the controller then.
Aruba

split tunnel setup

Thanks for the note.

I did a manual search and found the reference on page 218 of the AOS 6.1 user guide. That should indeed be the internal IP address(es) of your network.

The Remote AP (RAP) itself needs to have *knowledge* of the public IP address of the controller, BUT the users/user policies do not.

Please use the internal addressing (10.x.x.x, 172.16.x.x, 192.168.x.x) for your network in the user role policies as I have earlier in the thread. That should work.
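
An added example (not part of the thread and not Aruba code): a small Python audit that parses `netdestination` blocks from a saved configuration and flags entries that are not internal (RFC 1918) addressing, the mistake corrected above. The sample config, alias names and addresses are constructed, and the extra host-bits check is an assumption about a common reason an address/mask pair is rejected, not something the thread confirms.

```python
import ipaddress

# RFC 1918 private ranges, the "internal addressing" the thread recommends.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample config: alias names and addresses are illustrative
# (203.0.113.0/24 is a documentation range standing in for a public IP).
SAMPLE_CONFIG = """\
netdestination internal-net
  network 10.0.0.0 255.0.0.0
!
netdestination controller-public
  network 203.0.113.10 255.255.255.128
!
netdestination branch-lan
  network 192.168.20.0 255.255.255.0
  host 172.16.5.9
!
"""

def audit_netdestinations(config_text):
    """Return (alias, entry, problem) for entries unfit for an internal-network alias."""
    findings, alias = [], None
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) == 2 and parts[0] == "netdestination":
            alias = parts[1]
        elif parts == ["!"]:
            alias = None  # "!" closes the current block
        elif alias and parts and parts[0] in ("network", "host"):
            entry = " ".join(parts)
            # A host entry is a /32; a network entry carries its own mask.
            mask = "255.255.255.255" if parts[0] == "host" else parts[-1]
            try:
                if len(parts) != (2 if parts[0] == "host" else 3):
                    raise ValueError("wrong field count")
                iface = ipaddress.IPv4Interface(f"{parts[1]}/{mask}")
            except ValueError:
                findings.append((alias, entry, "unparsable address/mask"))
                continue
            if iface.ip != iface.network.network_address:
                findings.append((alias, entry, "host bits set for this mask"))
            if not any(iface.ip in net for net in RFC1918):
                findings.append((alias, entry, "not RFC 1918 internal addressing"))
    return findings

if __name__ == "__main__":
    for finding in audit_netdestinations(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```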