Wireless Access

Hello,

I was wondering if it is possible to run split-tunnel on Mesh Points when connected to RMP.

I want to do this because we currently run RAPs in locations that could use a second RAP due to coverage.  The issue with running two or more RAPs in one location, is they dont hand off well when split-tunneled (loss of firewall state) and it causes the network to drop.

One fix for this is to run the RAPs in full tunnel but some of our locations have poor internet access and running full tunnel makes their connection to the internet very poor.

From what i understand, the issue is due to the firewall state being on the RAP and when a client moves to another split-tunnel RAP, their firewall state is lost and this will cause all network applications to reconnect.  This crashes out one of our web applications and we can not use mutiple RAPs in locations.

What i am hoping we can do is setup RMP with MP and the firewall state would be on the RMP for all users (like a IAP cluster and the virtual controller) and setup the VAP on the MP to be split-tunneled.

Anyone have any ideas?

Only RAPs are capable of performing split-tunneling, so for sites as you've described with poor internet access, using an Instant cluster for mesh and local termination of traffic is probably your best bet.

I tested using a instant cluster and had some issues with it and it wouldnt fit our needs.

A Remote Mesh Portal is a RAP that is also a mesh portal.  From the documentaion i have read, it sounds like the RMP supports split tunnel.  What im not 100% sure about is if the MP support split tunnel.

---

@Mathew Flowerswrote:

A Remote Mesh Portal is a RAP that is also a mesh portal.  From the documentaion i have read, it sounds like the RMP supports split tunnel.  What im not 100% sure about is if the MP support split tunnel.

---

Correct, the Mesh Point does not support split-tunnel.

Thank you.