Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass GRE tunnel

This thread has been viewed 0 times

  • 1.  Clearpass GRE tunnel

    Posted Mar 25, 2015 08:23 AM

    My guest users are in a subnet that is non-routable on our internal network and therefore cannot reach my clearpass server.  I have successfully created a GRE tunnel b/w my controller and clearpass.  Guest users get redirected to a login page using the CPPM GRE tunnel IP.  My questions is what do others do so that the guest users do not get a certificate warning when hitting https://<tunnelIP>/guest/login.php.  We currently use Symantec/Versign for obtaining certificates and they no longer allow an IP address in the SAN field.  Just curious what others do in this situation.



  • 2.  RE: Clearpass GRE tunnel

    EMPLOYEE
    Posted Mar 25, 2015 09:06 AM
    We get creative with some static routes and DNS proxy. We've never been able
    to make the GRE tunnel method work 100%.


  • 3.  RE: Clearpass GRE tunnel

    Posted Mar 25, 2015 09:08 AM

    That's correct most Third party SSL companies do not accept IPs anymore.

     

    You will need to use a dns name , what you can do is probably NAT the dns traffic just to reach the ClearPass server