Security

Reply
Contributor II
Posts: 53
Registered: ‎11-20-2012

Is it possible to detect someone using a vpn ? were using 3200XM console.

Is it possible to detect someone using a vpn ? were using 3200XM console.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

HI,

What exactly you want here ? which VPN you are talking about ?

 

Please clarify

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

we have a 1 to 1 iPad deployment wih our high school students some have downloaded a vpn I was able to block the app from being downloaded. However once the app is downloaded they can still use the vpn on campus. I wanted to know if it was possible to see who is using the vpn ?

MVP
Posts: 4,124
Registered: ‎07-20-2011

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

If you want to block the VPN access you can add a rule under the user-role to deny VPN access UDP 4500.

 

You can also run the following command to see if the user is using VPN:

show datapath session table <ip address of user> | include 4500

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

Ok Great thanks for the help. Im kind of new to this controller where can I find the user role?

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

HI,

 

To know the User role use "show user-table" command. and add a policy to block UDP 4500 traffic.

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 53
Registered: ‎11-20-2012

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

So it can only be done through the command line not GUI ?

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

HI,

 

No. you can also get User information through GUI as well,

Open Web UI of your Controller and navigate to Monitoring-->Clients, you can see all the details of that client, Username, MAC and IP address, Role, Associated AP, Age etc...

 

Please feel free if you need further clarity on this.

 

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
MVP
Posts: 705
Registered: ‎12-01-2010

Re: Is it possible to detect someone using a vpn ? were using 3200XM console.

I should point out that that's only going to detect/block VPN on port 4500 - there are fairly simple ways for determined users to change ports or protocols for their VPN.

Students are tenacious about looking for ways around you.

I've seen VPN on port 53, 443, 500 and several others.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
Showing results for 
Search instead for 
Did you mean: