Occasional Contributor II
Posts: 29
Registered: ‎08-04-2012

RAP Split Tunnel

Hi,

I have some RAPs at a remote site which are provisioned with the controller in HQ.

The remote users are getting an IP address from the HQ DHCP server and are also getting the Amigopod authentication page. Once the users are authenticated, they couldn't access the internet locally; they are again coming into HQ.

I know there is an issue with the split tunnel policy. Can anyone explain the exact policy to route the internet traffic locally, not to the HQ?

I've created three policies in the AAA profile.

Amigopod

Captive portal

Logon-Control

ip access-list session Amigopod
  any   alias Amigopod svc-https  permit
  any   alias Amigopod svc-http  permit
  any host 192.168.0.29 any  permit

ip access-list session captiveportal
  user   alias controller svc-https  dst-nat 8081
  user any svc-http  dst-nat 8080
  user any svc-https  dst-nat 8081
  user any svc-http-proxy1  dst-nat 8088
  user any svc-http-proxy2  dst-nat 8088
  user any svc-http-proxy3  dst-nat 8088

ip access-list session logon-control
  user any udp 68  deny
  any any svc-icmp  permit
  any any svc-dns  permit
  any any svc-dhcp  permit
  any any svc-natt  permit

Can anyone tell me where I need to add the rule for split tunnel?

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: RAP Split Tunnel

You need to add the split tunneling rules to the "guest" role after the user has authenticated.

Colin Joseph
Aruba Customer Engineering
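
A sketch of what split tunneling rules in the post-authentication role can look like in ArubaOS session-ACL syntax, as an added example that is not part of the original posts. The alias name hq-networks, its address range and the ACL name split-tunnel are assumptions; only the "guest" role name comes from the thread, and the virtual AP is assumed to already use split-tunnel forward mode.

```text
! Added example; "hq-networks", 10.0.0.0/8 and "split-tunnel" are assumed values.
! Rule 1: DHCP keeps going through the tunnel to the HQ DHCP server.
! Rules 2-3: traffic to and from HQ networks stays in the tunnel.
! Rule 4: everything else is source-NATed and leaves via the RAP's local uplink.
netdestination hq-networks
  network 10.0.0.0 255.0.0.0
!
ip access-list session split-tunnel
  any any svc-dhcp  permit
  user alias hq-networks any  permit
  alias hq-networks user any  permit
  user any any  route src-nat
!
user-role guest
  access-list session split-tunnel
```

Session ACL rules are matched top-down, so the catch-all route src-nat rule has to come after the permits for HQ destinations, and the HQ alias should cover only the networks that genuinely need to stay in the tunnel.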


Occasional Contributor II
Posts: 29
Registered: ‎08-04-2012

Re: RAP Split Tunnel

Hi, thanks. I already changed it and it started working!!!
