Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Split-tunnel on AP135 RAP mode

  • 1.  Split-tunnel on AP135 RAP mode

    Posted Oct 26, 2014 05:59 AM

    Hi everyone,

    I have a question about the diagram.

    Nokair Diagram.jpg

    The customer has requested the following:

    If a client wants to use the Internet, the traffic should be sent to the IPsec tunnel (red),

    but if a client wants to copy files on the file-sharing server, the traffic should not be sent to the IPsec tunnel; the traffic should be routed on the router, not on the controller, and sent to the file-sharing server.

    I have defined the ACL as follows:

     

    user any udp 68 deny

    any any svc-dhcp permit

    user  network 10.94.24.0 255.255.0.0 any permit

    user any network 10.92.2.0 255.255.255.0  route src-nat

     

    but it is not working.

    How should I define the ACL to make it work?

    Thank you

    OYeA!!

     

     



  • 2.  RE: Split-tunnel on AP135 RAP mode

    Posted Oct 26, 2014 07:44 AM

    If I understand you right, you want to tunnel Internet traffic to the controller but keep traffic destined for local resources (file sharing, etc.) local.  First, make sure your virtual AP is in split-tunnel mode.

     

    wlan virtual-ap <YOUR-VAP>

    forward-mode split-tunnel

     

    Try the following for appropriate role:

     

    user any udp 68 deny

    user any svc-dhcp permit

    user network 10.92.2.0 255.255.255.0 any route src-nat

    user any any permit

     

    This will src-nat local traffic to 10.92.2.0/24 through the AP-135 (RAP) and stay local.  All other traffic is sent to the controller via the "permit" action of the final rule.
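
An added example, not part of the thread and not Aruba code: a small first-match evaluator for the role rules in the reply above, showing which rule each flow hits and why the 10.92.2.0/24 route rule has to sit above the catch-all permit. It assumes first-match evaluation with an implicit deny at the end, assumes svc-dhcp means UDP 67-68, and uses constructed sample flows.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# (destination, protocol, port range, action); source is "user" in every rule.
ANSWER_ACL = [
    (ANY, "udp", (68, 68), "deny"),
    (ANY, "udp", (67, 68), "permit"),  # svc-dhcp, assumed to be UDP 67-68
    (ipaddress.ip_network("10.92.2.0/255.255.255.0"), "any", None, "route src-nat"),
    (ANY, "any", None, "permit"),
]

# What each action means on a split-tunnel virtual AP, per the reply above.
PATH = {
    "permit": "IPsec tunnel to controller",
    "route src-nat": "local, source-NATed at the RAP",
    "deny": "dropped",
}


def classify(acl, dst, proto, port):
    """Return (rule number, action, path) for the first matching rule."""
    addr = ipaddress.ip_address(dst)
    for number, (net, rule_proto, ports, action) in enumerate(acl, start=1):
        if addr not in net:
            continue
        if rule_proto != "any" and rule_proto != proto:
            continue
        if ports is not None and not ports[0] <= port <= ports[1]:
            continue
        return number, action, PATH[action]
    return None, "deny", PATH["deny"]  # implicit deny when nothing matches


# Constructed sample flows: SMB to the file server, HTTPS to the Internet, DHCP.
FLOWS = [("10.92.2.10", "tcp", 445), ("203.0.113.5", "tcp", 443),
         ("255.255.255.255", "udp", 67)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", classify(ANSWER_ACL, *flow))
    # Same rules with the catch-all permit moved above the local route:
    # file-server traffic now matches the permit and goes into the tunnel.
    swapped = ANSWER_ACL[:2] + [ANSWER_ACL[3], ANSWER_ACL[2]]
    print("swapped:", classify(swapped, "10.92.2.10", "tcp", 445))
```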