Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
10-21-2015 06:55 AM - edited 10-21-2015 06:56 AM
The documentation I have found so far shows instructions and screenshots that do not fully match the GUI I'm seeing on the controller. Maybe I haven't checked the right places so far? We're using an Aruba 650 controller on the 6.3 branch.
My goal is to place a RAP in a remote office and let users connecting to the RAP through wifi access resources at the main office. As far as I understand, split tunnel makes the clients in the remote office use the DHCP-server in the main office and sends data for the main office to the main office (not NAT'ed) and sends data for the internet directly to the internet (NAT'ed). Is this correct?
And will computers in the main office be able to ping systems in the remote office as well?
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
10-21-2015 07:02 AM
Correct on all counts. Users in the main office will be able to ping clients on APs in the remote office, because they will have routable IP addresses, assigned from the datacenter.
Colin Joseph
Aruba Customer Engineering
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
10-21-2015 07:15 AM - edited 10-21-2015 07:19 AM
Thank you. Should the most up-to-date info be in the knowledge base? Or do you have a URL to a guide I should use? If I run into something that looks different in my setup, shall I let you know in this thread?
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
10-21-2015 07:20 AM
It has not changed in years. You would need to make sure:
- The access point is configured as a remote AP (required for split tunneling)
- The Virtual AP is configured as Split-Tunnel
- The user role assigned should look like this:
    any any service dhcp permit
    any network corpnetwork any permit
    any any any route src-nat
The first rule permits DHCP, which is essential.
The second rule detects any traffic going back to the corporate network and permits it back through the tunnel.
The third rule is a catch-all for anything that is not destined to corporate and source-NATs it out of the IP address of the RAP.
Colin Joseph
Aruba Customer Engineering
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
10-21-2015 07:27 AM
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
11-10-2015 04:40 AM - edited 11-10-2015 05:08 AM
Yay, I got it to work :) Thanks for the help.
There's a CRUCIAL mistake in the Understanding Split Tunneling guide (http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Remote_AP/Split_Tunneling.htm). It says at step 13e: Under Action, select ANY and check src-nat. This is not correct! It should be ROUTE and check src-nat. It led me to choosing the action 'src-nat' (which asked me to define a NAT pool), which is not correct either.
8e: says to enter the public IP of the controller. But it should be the IP of the network(s) you're trying to tunnel.
Some guides are saying I need to add an allow-all firewall-policy to the user-role, but it doesn't seem necessary.
Making the Port Wired AP profile 'trusted' wasn't needed either. (wasn't in a guide, but I remember it being needed when I was doing a different config).
What I don't understand yet is the Defining Corporate DNS Servers part. What does it do exactly? My DHCP hands out a corporate DNS-server in the range that is tunneled and it works. Why would I add DNS Server names in the Corporate DNS part? Is it meant to be used when your DNS server is not in the range that gets tunneled?
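A model of the three-rule role from the earlier reply and of the step 8e correction above, as an added example that is not from any poster or from Aruba. It assumes top-down, first-match rule evaluation with an implicit deny; the function names and addresses (10.0.0.0/8 as corpnetwork, 203.0.113.10 as the controller's public IP) are constructed for illustration.

```python
import ipaddress

def build_role(corpnetwork):
    """Model the reply's three rules, in order, as (rule_no, matcher, action)."""
    nets = [ipaddress.ip_network(n) for n in corpnetwork]

    def is_dhcp(flow):
        return flow["proto"] == "udp" and flow["dport"] in (67, 68)

    def to_corp(flow):
        return any(ipaddress.ip_address(flow["dst"]) in n for n in nets)

    return [
        (1, is_dhcp, "permit"),                # any any service dhcp permit
        (2, to_corp, "permit"),                # any network corpnetwork any permit
        (3, lambda flow: True, "route src-nat"),  # any any any route src-nat
    ]

def evaluate(role, flow):
    """First-match evaluation, top to bottom; nothing matched means deny."""
    for rule_no, matches, action in role:
        if matches(flow):
            return rule_no, action
    return None, "deny"

def path(role, flow):
    """Where a client flow ends up under the split-tunnel role."""
    _, action = evaluate(role, flow)
    return {"permit": "tunnel", "route src-nat": "local-nat"}.get(action, "dropped")

# Constructed sample flows from a client behind the RAP.
DHCP = {"dst": "255.255.255.255", "proto": "udp", "dport": 67}
FILESRV = {"dst": "10.20.0.15", "proto": "tcp", "dport": 445}
WEB = {"dst": "198.51.100.7", "proto": "tcp", "dport": 443}

GOOD = build_role(["10.0.0.0/8"])       # alias holds the networks to tunnel
BAD = build_role(["203.0.113.10/32"])   # alias holds only the controller's public IP

if __name__ == "__main__":
    for name, role in (("corp subnets", GOOD), ("controller IP only", BAD)):
        for label, flow in (("dhcp", DHCP), ("file server", FILESRV), ("web", WEB)):
            rule_no, _ = evaluate(role, flow)
            print(f"{name:20} {label:12} -> rule {rule_no}, {path(role, flow)}")
```

With the alias set to the controller's public IP, the file-server flow falls through to rule 3 and is source-NATed out of the RAP's uplink instead of entering the tunnel, which is the symptom to look for when auditing a split-tunnel role.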
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
11-10-2015 05:54 AM
eriknl2,
Thank you. We will get that fixed.
Colin Joseph
Aruba Customer Engineering
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
11-12-2015 11:30 AM
Eriknl2,
I got word that the link is fixed. Please check the link...
Colin Joseph
Aruba Customer Engineering
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
12-23-2015 09:35 AM - edited 12-23-2015 09:45 AM
Yes. Seems fixed. Thank you.
Other question: when I reboot a machine connected to a split tunnel RAP, it doesn't seem to connect. Only if I pull the network cable for a while and plug it back in, then it starts working again. Sometimes. Not always.
What am I doing wrong? Windows says DHCP times out. I don't see the machine getting a user-role or anything.
Machine is running Windows 8.1. Connected with wire to RAP2, same thing happens with RAP3.
Edit: if I disable MAC authentication and set the Initial Role to the split-tunnel user-role, then it works. So it must be a problem with MAC authentication I guess?
Normally, I have initial role set to denyall. And I have MAC Authentication Default Role set to the split-tunnel user-role. Also, in the internal database, I have set the role for the MAC address to the split-tunnel user-role. Should I use something else instead of denyall? Like guest? I'm also using denyall on the normal (not split) tunnels and that seems to work fine.
Re: Looking for up-to-date guide to set-up a RAP (3WN) in split tunnel mode
12-24-2015 02:16 AM