Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Allow IPSEC vpn client connectivity via wireless

  • 1.  Allow IPSEC vpn client connectivity via wireless

    Posted Feb 06, 2013 10:23 AM

    Hello


    We are running into an issue where ipsec vpn connectivity isn't working on our guest wireless.  SSL VPN works as it's 443 but anything ipsec is blocked.  Do I need to allow that network service or is there an easier way?

     

    Thanks



  • 2.  RE: Allow IPSEC vpn client connectivity via wireless

    Posted Feb 06, 2013 11:49 AM

    There is a predefined "vpnlogon" policy that permits all standard VPN protocols. You could apply that to your guest role, or selectively add what you need.

     

    The following summarizes the ACL:

     

    ip access-list session vpnlogon
    user any svc-ike permit
    user any svc-esp permit
    any any svc-l2tp permit
    any any svc-pptp permit
    any any svc-gre permit
    user any svc-natt permit
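
The "selectively add what you need" option from the reply above, as an added example that is not part of the original thread: a session ACL that permits only the IPsec services and is attached to the guest role. The ACL name `guest-ipsec-only` and the role name `guest` are assumptions; substitute the role your guest SSID actually assigns.

```text
! Added example (constructed); ACL name and role name are assumptions.
! Permits only what an IPsec client needs, leaving L2TP, PPTP and GRE closed.
ip access-list session guest-ipsec-only
  ! IKE key exchange (UDP 500)
  user any svc-ike permit
  ! NAT traversal, ESP encapsulated in UDP 4500
  user any svc-natt permit
  ! Native ESP (IP protocol 50), used when no NAT sits in the path
  user any svc-esp permit
!
! Attach the ACL to the guest role. Session ACLs are evaluated in order
! and the first matching rule wins, so place it ahead of any deny rules.
user-role guest
  access-list session guest-ipsec-only position 1
```

`show rights guest` lists the rules in the order the role evaluates them, which confirms the new ACL sits ahead of any deny entry.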