Home > Community > Technology > Security > Users are able access VPN through Guest Network wi...

Security

Reply
Topic Options
Supermo121
Occasional Contributor II
Supermo121
Posts: 28
Registered: ‎07-22-2015

Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 04:13 AM

Hello Guys, 

 

Users connected to guest network aree able to establish VPN tunnels to outside world without going through Guest authentication. Does anyone know which ports do I have to block for Guest access? 

 

Thanks 

Alert a Moderator
Message 1 of 8 (786 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,732
Registered: ‎09-08-2010

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 04:21 AM

Create a new guest logon role with just DHCP, dns, and captive-portal. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 2 of 8 (780 Views)
Reply
0 Kudos
Aruba Aruba
Aruba
clembo
Posts: 1,644
Registered: ‎04-13-2009

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 04:22 AM

Please share the result of the following for the role the guest is in BEFORE authentication.   If you are not sure of the role, check with "show user-table"

 

show rights <NameofRole>

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Alert a Moderator
Message 3 of 8 (780 Views)
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121
Posts: 28
Registered: ‎07-22-2015

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 04:41 AM

Hi Celmbo, 

 

As reqyested, please find the details about the Guest-pre auth role attached. 

 

Thanks 

Alert a Moderator
Message 4 of 8 (771 Views)
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121
Posts: 28
Registered: ‎07-22-2015

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 05:36 AM

Hello Guys, 

 

Any changes in the role which you recommend after looking at the Guest_Pre_auth role? 

 

Thanks 

Alert a Moderator
Message 5 of 8 (743 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,732
Registered: ‎09-08-2010

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 05:38 AM

Create a new guest logon role with just DNS, DHCP and captive-portal...


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 6 of 8 (739 Views)
Reply
0 Kudos
Aruba Aruba
Aruba
clembo
Posts: 1,644
Registered: ‎04-13-2009

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 05:38 AM

Try removing line 5 in the logon-control ACL (svc-natt).    You should not need this in your default logon role.    Or if you are more comfortable, make a new logon-control for your needs and leave the default ACL as is.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Alert a Moderator
Message 7 of 8 (738 Views)
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121
Posts: 28
Registered: ‎07-22-2015

Re: Users are able access VPN through Guest Network without going through guest authentication
Options

‎09-30-2015 07:22 AM

Thank you guys, I have made the chage and have asked the users to test it. I will update you when I know more. 

 

Again really appreciate your help!

 

 

Alert a Moderator
Message 8 of 8 (711 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium