Home > Community > Technology > Security > Users are able access VPN through Guest Network wi...

Security

Reply
Topic Options
Supermo121
Occasional Contributor II
Supermo121

Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:13 AM

Hello Guys, 

 

Users connected to guest network aree able to establish VPN tunnels to outside world without going through Guest authentication. Does anyone know which ports do I have to block for Guest access? 

 

Thanks 

Alert a Moderator
Message 1 of 8
799 Views
Tags (2)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:21 AM

Create a new guest logon role with just DHCP, dns, and captive-portal. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 2 of 8
793 Views
Reply
0 Kudos
Aruba Aruba
Aruba
clembo

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:22 AM

Please share the result of the following for the role the guest is in BEFORE authentication.   If you are not sure of the role, check with "show user-table"

 

show rights <NameofRole>

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Alert a Moderator
Message 3 of 8
793 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 04:41 AM

Hi Celmbo, 

 

As reqyested, please find the details about the Guest-pre auth role attached. 

 

Thanks 

Alert a Moderator
Message 4 of 8
784 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:36 AM

Hello Guys, 

 

Any changes in the role which you recommend after looking at the Guest_Pre_auth role? 

 

Thanks 

Alert a Moderator
Message 5 of 8
756 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:38 AM

Create a new guest logon role with just DNS, DHCP and captive-portal...


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 6 of 8
752 Views
Reply
0 Kudos
Aruba Aruba
Aruba
clembo

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 05:38 AM

Try removing line 5 in the logon-control ACL (svc-natt).    You should not need this in your default logon role.    Or if you are more comfortable, make a new logon-control for your needs and leave the default ACL as is.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Alert a Moderator
Message 7 of 8
751 Views
Reply
0 Kudos
Supermo121
Occasional Contributor II
Supermo121

Re: Users are able access VPN through Guest Network without going through guest authentication

‎09-30-2015 07:22 AM

Thank you guys, I have made the chage and have asked the users to test it. I will update you when I know more. 

 

Again really appreciate your help!

 

 

Alert a Moderator
Message 8 of 8
724 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium