Security

Reply
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Clearpass GRE tunnel

My guest users are in a subnet that is non-routable on our internal network and therefore cannot reach my clearpass server.  I have successfully created a GRE tunnel b/w my controller and clearpass.  Guest users get redirected to a login page using the CPPM GRE tunnel IP.  My questions is what do others do so that the guest users do not get a certificate warning when hitting https://<tunnelIP>/guest/login.php.  We currently use Symantec/Versign for obtaining certificates and they no longer allow an IP address in the SAN field.  Just curious what others do in this situation.

Guru Elite
Posts: 8,444
Registered: ‎09-08-2010

Re: Clearpass GRE tunnel

We get creative with some static routes and DNS proxy. We've never been able
to make the GRE tunnel method work 100%.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Clearpass GRE tunnel

That's correct most Third party SSL companies do not accept IPs anymore.

 

You will need to use a dns name , what you can do is probably NAT the dns traffic just to reach the ClearPass server

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: