Contributor I

ClearPass IPsec tunnel

Hi all,

 

I have a question regarding IPsec configuration on ClearPass. I have successfully established an IPsec tunnel between ClearPass and another IPsec gateway. But where can I specify which traffic goes through this tunnel? There are no options to configure an encrypted subnet in the ClearPass IPsec settings (only protocol and port are available in the "Traffic Selectors" tab, as shown below).

 

ipsec.PNG

 

Thank you very much for your help,

 

 

Guru Elite

Re: ClearPass IPsec tunnel

Try here:  http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/CLI/Network_Commands.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: ClearPass IPsec tunnel

Hi,

 

I tried routing the destination subnet through the data port (the port through which I set up the IPsec tunnel) on ClearPass, but I still can't access the destination host. It seems there's no way on ClearPass to verify whether the traffic has gone through the tunnel (being encrypted) or not.

 

I would really appreciate it if someone could share their experiences setting up an IPsec tunnel on ClearPass. In my case, the tunnel has been established, but I can't access the destination host through the tunnel.

 

Thank you,

Guru Elite

Re: ClearPass IPsec tunnel

To be honest, the IPsec tunnel is typically for protecting traffic between two ClearPass boxes, so you would not really need a route.

 

What are you trying to do?



Colin Joseph
Aruba Customer Engineering


Contributor I

Re: ClearPass IPsec tunnel

Hi,

 

I'm using Microsoft Azure as the identity source, so my deployment would be for ClearPass to do an LDAP query to Azure via an IPsec tunnel. It worked fine when I used a separate gateway to establish a VPN connection with the Azure gateway. But I think it would be better if we could set up a direct VPN connection between ClearPass and the Azure gateway, so that I don't need a separate device just for that purpose. That's what I'm trying to do.

 

Is this possible with the latest ClearPass version? (I'm using 6.6.8).

 

Thank you, 

Guru Elite

Re: ClearPass IPsec tunnel

Can you use ldap-s, then?



Colin Joseph
Aruba Customer Engineering


Contributor I

Re: ClearPass IPsec tunnel

Hi,

 

I've been using LDAPS already. But the identity source on Azure is using a private address (RFC 1918), so we have to set up an IPsec tunnel for it to work. I think it's more secure in terms of security.

 
