08-05-2012 09:11 PM
I have some RAPs at a remote site which are provisioned with the controller in HQ.
The remote users are getting IP addresses from the HQ DHCP server and are also getting the Amigopod authentication page. Once the users are authenticated, they can't access the internet locally; they are again going through HQ.
I know there is an issue with the split tunnel policy. Can anyone explain the exact policy to route the internet traffic locally, not to HQ?
I've created three policies in the AAA profile.
ip access-list session Amigopod
any alias Amigopod svc-https permit
any alias Amigopod svc-http permit
any host 192.168.0.29 any permit
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
Can anyone tell me where I need to add the rule for split tunnel?
08-06-2012 02:39 AM
You need to add the split tunneling rules to the "guest" role after the user has authenticated.
Aruba Customer Engineering
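A sketch of what the answer above describes, added here as an example and not taken from either poster's configuration. The ACL name guest-split-tunnel and the profile name <guest-vap-profile> are placeholders, alias Amigopod is the destination alias already used in the question, and it is assumed that guests keep using DHCP and DNS from HQ.

```text
! Added example (not from the thread). guest-split-tunnel and
! <guest-vap-profile> are placeholder names.
ip access-list session guest-split-tunnel
  ! In split-tunnel mode, "permit" forwards the traffic through the
  ! tunnel to the HQ controller.
  any any svc-dhcp permit
  any any svc-dns permit
  user alias Amigopod svc-http permit
  user alias Amigopod svc-https permit
  ! Everything else is routed out of the RAP's local uplink and
  ! source-NATed, so it never reaches HQ.
  user any any route src-nat
!
! Attach the ACL to the post-authentication role named in the answer.
user-role guest
  access-list session guest-split-tunnel
!
! The virtual AP must also forward in split-tunnel mode.
wlan virtual-ap <guest-vap-profile>
  forward-mode split-tunnel
```

Session ACL rules are evaluated top-down with first match winning, so a broad permit earlier in the guest role would still send internet traffic to HQ; `show rights guest` lists the effective order.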