Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass IPsec tunnel

  • 1.  ClearPass IPsec tunnel

    Posted Nov 06, 2017 11:07 AM

    Hi all,

     

    I have a question regarding IPsec configuration on ClearPass. I have successfully established an IPsec tunnel between ClearPass and another IPsec gateway. But where can I specify which traffic goes through this tunnel? There are no options to configure an encrypted subnet in the ClearPass IPsec settings (only protocol and port are available in the "Traffic Selectors" tab, as shown below).

     

    ipsec.PNG

     

    Thank you very much for your help,

     

     



  • 2.  RE: ClearPass IPsec tunnel



  • 3.  RE: ClearPass IPsec tunnel

    Posted Nov 06, 2017 11:33 PM

    Hi,

     

    I tried routing the destination subnet through the data port (the port through which I set up the IPsec tunnel) on ClearPass, but I still can't access the destination host. It seems there's no way on ClearPass to verify whether the traffic has gone through the tunnel (being encrypted) or not.

     

    I would really appreciate it if someone could share their experience setting up an IPsec tunnel on ClearPass. In my case, the tunnel has been established but I can't access the destination host through the tunnel.

     

    Thank you,



  • 4.  RE: ClearPass IPsec tunnel

    EMPLOYEE
    Posted Nov 07, 2017 01:21 AM

    To be honest, the IPsec tunnel is typically for protecting traffic between two ClearPass boxes, so you would not really need a route.

     

    What are you trying to do?



  • 5.  RE: ClearPass IPsec tunnel

    Posted Nov 07, 2017 01:41 AM

    Hi,

     

    I'm using Microsoft Azure as the identity source, so my deployment would be for ClearPass to do an LDAP query to Azure via an IPsec tunnel. It worked fine when I used a separate gateway to establish a VPN connection with the Azure gateway. But I think it would be better if we could set up a direct VPN connection between ClearPass and the Azure gateway, so that I don't need a separate device just for that purpose. That's what I'm trying to do.

     

    Is this possible with the latest ClearPass version? (I'm using 6.6.8).

     

    Thank you, 



  • 6.  RE: ClearPass IPsec tunnel

    EMPLOYEE
    Posted Nov 07, 2017 01:58 AM

    Can you use LDAPS, then?



  • 7.  RE: ClearPass IPsec tunnel

    Posted Nov 07, 2017 02:23 AM

    Hi,

     

    I've been using LDAPS already. But the identity source on Azure is using a private address (RFC 1918), so we have to set up an IPsec tunnel for it to work. I think it's more secure in terms of security.