Occasional Contributor II

Users are able to access VPN through Guest Network without going through guest authentication

Hello Guys,

Users connected to guest network are able to establish VPN tunnels to outside world without going through Guest authentication. Does anyone know which ports I have to block for Guest access?

Thanks

Guru Elite

Re: Users are able to access VPN through Guest Network without going through guest authentication

Create a new guest logon role with just DHCP, DNS, and captive-portal.


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba

Re: Users are able to access VPN through Guest Network without going through guest authentication

Please share the result of the following for the role the guest is in BEFORE authentication. If you are not sure of the role, check with "show user-table".

show rights <NameofRole>

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Hi Celmbo,

As requested, please find the details about the Guest-pre auth role attached.

Thanks

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Hello Guys,

Any changes in the role which you recommend after looking at the Guest_Pre_auth role?

Thanks

Guru Elite

Re: Users are able to access VPN through Guest Network without going through guest authentication

Create a new guest logon role with just DNS, DHCP and captive-portal...


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba

Re: Users are able to access VPN through Guest Network without going through guest authentication

Try removing line 5 in the logon-control ACL (svc-natt). You should not need this in your default logon role. Or if you are more comfortable, make a new logon-control for your needs and leave the default ACL as is.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
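
Added example, not part of any post in this thread and not Aruba's own tooling: a small audit that reads session ACLs in running-config style and flags every permit rule in a pre-authentication ACL that is not DHCP or DNS, which is how a rule such as svc-natt at line 5 of logon-control shows up. The sample config and the ACL name guest-logon-min are constructed, and the parser assumes single-token source and destination fields (any, user).

```python
import re

# Services a pre-authentication guest role needs, per the advice in this
# thread: DHCP and DNS (captive-portal redirection is a separate ACL).
ALLOWED_PREAUTH_SERVICES = {"svc-dhcp", "svc-dns"}

# Constructed sample in ArubaOS running-config style; not the poster's config.
SAMPLE_CONFIG = """\
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session guest-logon-min
  user any udp 68 deny
  any any svc-dns permit
  any any svc-dhcp permit
!
"""

def parse_session_acls(config_text):
    """Return {acl_name: [(position, rule_text), ...]} for session ACLs."""
    acls, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"^ip access-list session (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif line.strip() == "!" or not line.strip():
            current = None
        elif current is not None and line[:1].isspace():
            current.append((len(current) + 1, line.strip()))
    return acls

def audit_preauth_acl(rules):
    """Flag permit rules whose service is outside the pre-auth allowlist."""
    findings = []
    for position, rule in rules:
        fields = rule.split()
        if fields[-1] != "permit":
            continue
        service = " ".join(fields[2:-1])  # e.g. "svc-natt" or "udp 4500"
        if service not in ALLOWED_PREAUTH_SERVICES:
            findings.append((position, service))
    return findings
```

Each finding is a (line position, service) pair; an empty list means the ACL permits only DHCP and DNS before authentication.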

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Thank you guys, I have made the change and have asked the users to test it. I will update you when I know more.

Again really appreciate your help!
