Controller-less WLANs


Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh

How to allow or restrict guest users from setting up an external VPN connection?

Jun 29, 2014 07:31 PM

Environment: This article applies to Aruba Mobility Controllers and Aruba Instant Access Points.

 

In most deployments, only web traffic is permitted for guest users. Whether a network allows guest users to initiate and successfully establish an external VPN connection depends on the company or university policy.

Therefore, with the help of access lists in the user role, an administrator can allow or deny an outgoing VPN connection. Below is the set of ACL rules that need to be allowed in the guest authenticated role:


user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
user any svc-natt permit



NOTE: "User" indicates that the source client is a valid user in the User-table.
 
If the policy for the guest network does not allow guests to initiate a VPN connection, then make sure the above ACL rules are denied in the authenticated role.
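
One way to check that the deny rules actually take effect in a role, as an added example that is not part of the original article or Aruba's own tooling. It assumes rules are evaluated in order with the first match winning and an implicit deny after the last rule, and it only evaluates four-field rules whose destination is `any`; the sample roles and their orderings are constructed.

```python
# Added example (not Aruba code): audit an ordered role ACL for guest VPN egress.
# Assumes first-match evaluation with an implicit deny after the last rule.
VPN_SERVICES = ("svc-ike", "svc-esp", "svc-l2tp", "svc-pptp", "svc-gre", "svc-natt")

def parse_rules(text):
    """Parse '<source> <destination> <service> <action>' lines, in order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("permit", "deny"):
            # Refuse to guess: an unparsed rule could change the verdict.
            raise ValueError(f"unsupported rule, review by hand: {line!r}")
        rules.append(tuple(fields))
    return rules

def verdict(rules, service):
    """Action applied to a guest in the user table sending `service` to any host."""
    for src, dst, svc, action in rules:
        if src in ("user", "any") and dst == "any" and svc in (service, "any"):
            return action
    return "deny"  # implicit deny when nothing matches

def vpn_exposure(text):
    """Map each VPN service alias from the article to its effective action."""
    rules = parse_rules(text)
    return {svc: verdict(rules, svc) for svc in VPN_SERVICES}

# Constructed sample roles (hypothetical rule orderings, not from the article).
DENY_RULES = """\
user any svc-ike deny
user any svc-esp deny
any any svc-l2tp deny
any any svc-pptp deny
any any svc-gre deny
user any svc-natt deny
"""
DENIES_FIRST = DENY_RULES + "any any any permit\n"      # denies match before the permit
DENIES_SHADOWED = "any any any permit\n" + DENY_RULES   # broad permit matches first
WEB_ONLY = "user any svc-dns permit\nuser any svc-http permit\nuser any svc-https permit\n"

if __name__ == "__main__":
    for name in ("DENIES_FIRST", "DENIES_SHADOWED", "WEB_ONLY"):
        print(name, vpn_exposure(globals()[name]))
```

In the `DENIES_SHADOWED` role every VPN service still comes back as `permit`, because the broad permit is matched before any of the deny rules are reached.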

 
