03-14-2016 02:09 PM
I am New to Aruba appliances. I need help accessing a host computer behind a RAP from a public IP address using a cisco firewall NAT. I have a public IP address NATed on the Cisco Firewall to the Aruba Controller and that works. I then wanted to port forward the port 50080 to the host computer. I can access the specified host computer from anywhere on the internal network using 10.208.58.x but not externally.
The public ip address of 173.165.x.x NAT’s to 10.208.48.x on the Cisco Firewall. This allows me to the aruba controller externally.(https://173.165.x.x:4343)
On the Aruba Controller I set up the policy session IPv4 any host 10.208.48.x tcp 50080 dst-nat ip 10.208.58.x 80
I applied the Policy to the port firewall policy session
03-14-2016 03:29 PM
Unfortunately, you cannot do a static inbounds NAT to a device behind a RAP.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
03-15-2016 12:53 AM
Though the RAP will not allow inbound NAT, you can probably access that computer via the controller. Through the controller, you have full access to the clients behind the RAP (The RAP connection is layer 2 transparent), and it might be a solution in your case to create that inbound NAT entry in the data center where the controller lives, and then just route the traffic through the controller to the computer behind the RAP.
If you have multiple RAPs, this even simplifies the solution as you can keep the NAT and firewalling central.
Would that work?
If you have urgent issues, please contact your Aruba partner or Aruba TAC.