Community Home > Discuss > Technology > Security > Users are able access VPN through Guest Network wi...

Security

Reply
Supermo121
Occasional Contributor II
Supermo121

Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:13 AM

Hello Guys, 

 

Users connected to guest network aree able to establish VPN tunnels to outside world without going through Guest authentication. Does anyone know which ports do I have to block for Guest access? 

 

Thanks 

Alert a Moderator
Message 1 of 8
909 Views
Tags (2)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:21 AM

Create a new guest logon role with just DHCP, dns, and captive-portal. 


Thanks, 
Tim

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 2 of 8
903 Views
Reply
0 Kudos
Aruba
Aruba
clembo

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:22 AM

Please share the result of the following for the role the guest is in BEFORE authentication.   If you are not sure of the role, check with "show user-table"

 

show rights <NameofRole>

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Alert a Moderator
Message 3 of 8
903 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:41 AM

Hi Celmbo, 

 

As reqyested, please find the details about the Guest-pre auth role attached. 

 

Thanks 

Alert a Moderator
Message 4 of 8
894 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:36 AM

Hello Guys, 

 

Any changes in the role which you recommend after looking at the Guest_Pre_auth role? 

 

Thanks 

Alert a Moderator
Message 5 of 8
866 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:38 AM

Create a new guest logon role with just DNS, DHCP and captive-portal...


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 6 of 8
862 Views
Reply
0 Kudos
Aruba
Aruba
clembo

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:38 AM

Try removing line 5 in the logon-control ACL (svc-natt).    You should not need this in your default logon role.    Or if you are more comfortable, make a new logon-control for your needs and leave the default ACL as is.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Alert a Moderator
Message 7 of 8
861 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 07:22 AM

Thank you guys, I have made the chage and have asked the users to test it. I will update you when I know more. 

 

Again really appreciate your help!

 

 

Alert a Moderator
Message 8 of 8
834 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2018 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium