Remote Networking

Reply
Occasional Contributor I
Posts: 6
Registered: ‎03-30-2010

RAP in bridge mode, cannot connect from main site

Hi,

We have some branch offices located around our company, with a RAP which connects to a central controller located at the head offices.

The branch offices are connected using high speed private fibre to our central offices.

The clients connect using bridge mode so that they connect to their branch office network. No VLANs are used at the branch offices. No NAT is used. DHCP is handled from the central site.

The clients get put into a role, which has an 'allow all' rule in there.

All is working, and connectivity is good from the client to the central site.

All is working on a layer 3 level, the clients are reachable by ICMP / ping from the central offices to the branch offices.

When you try to do certain things like remote desktop connection (RDP), resultant set of policy, map drives and things like that from the central site to a client, this fails.

Has anyone else come up with this, and if so have they found a solution?

I am using OS5, but it still happened in 3.2.x.

Thanks

Richard
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: RAP in bridge mode, cannot connect from main site

You need to modify the Session ACL parameter in the AP system profile to allow whatever you want to do to the clients. Access points have a firewall policy that only allow certain incoming traffic to bridged users, so you have to modify it. To modify what traffic is allowed, go to configuration> security> access control> policies tab. Edit the ap-uplink-acl parameter to allow port 3389 traffic (terminal services).

By default, it only allows DHCP responses, ICMP and Bonjour traffic.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎03-30-2010

Re: RAP in bridge mode, cannot connect from main site

Thanks, that was just the ticket.

Thanks also for the promtness!

Richard
Occasional Contributor I
Posts: 8
Registered: ‎09-14-2009

Re: RAP in bridge mode, cannot connect from main site

Another option would be to use bridge mode CAP instead of RAP. If you are running OS5 and traffic stays on private networks, it might make more sense.
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: RAP in bridge mode, cannot connect from main site

The issue and resolution remains the same, whether you use CAP or RAP.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: