Occasional Contributor II
Posts: 20
Registered: ‎03-21-2013

Split-tunnel on AP135 RAP mode

Hi everyone,

I have a question about the diagram.

Nokair Diagram.jpg

The customer has requested the following:

If a client wants to use the Internet, traffic should be sent to the IPsec tunnel (red),

but if a client wants to copy files on the file-sharing server, traffic should not be sent to the IPsec tunnel; traffic should be routed on the router, not on the controller, and sent to the file-sharing server.

I have defined the ACL as follows:

 

user any udp 68 deny

any any svc-dhcp permit

user  network 10.94.24.0 255.255.0.0 any permit

user any network 10.92.2.0 255.255.255.0  route src-nat

 

but it is not working.

How should I define the ACL so that it works?

 

Thank you

OYeA!!

 

 

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Split-tunnel on AP135 RAP mode

If I understand you right, you want to tunnel Internet traffic to the controller, but keep traffic destined to local resources local (file sharing, etc.). First, make sure your virtual AP is in split-tunnel mode.

 

wlan virtual-ap <YOUR-VAP>

forward-mode split-tunnel

 

Try the following for the appropriate role:

 

user any udp 68 deny

user any svc-dhcp permit

user network 10.92.2.0 255.255.255.0 any route src-nat

user any any permit

 

This will src-nat local traffic to 10.92.2.0/24 through the AP-135 (RAP) so that it stays local. All other traffic is sent to the controller via the "permit" action of the final rule.

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
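
The rule ordering the reply above relies on, as an added example that is not part of the original posts: a small Python model of the suggested role, run over constructed sample flows, including what happens if the catch-all permit is placed above the local-subnet rule. It assumes rules are evaluated top-down with the first match winning, an implicit deny at the end, and svc-dhcp meaning UDP 67-68; the host addresses are made up.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
LOCAL = ipaddress.ip_network("10.92.2.0/24")  # subnet from the thread

# (destination, protocol, destination ports, action); the source is always "user".
# Models the four rules in the reply; svc-dhcp is assumed to mean UDP 67-68.
RULES = [
    (ANY, "udp", range(68, 69), "deny"),
    (ANY, "udp", range(67, 69), "permit"),
    (LOCAL, None, None, "route src-nat"),
    (ANY, None, None, "permit"),
]
# Hypothetical mistake: the catch-all permit placed above the local-subnet rule.
REORDERED = [RULES[0], RULES[1], RULES[3], RULES[2]]

# Forwarding result per action in split-tunnel mode, as the reply describes it.
PATHS = {"permit": "tunnel to controller",
         "route src-nat": "local via RAP, source NAT",
         "deny": "dropped"}

def match(rules, dst, proto, dport):
    """Return (1-based rule number, action) of the first matching rule."""
    addr = ipaddress.ip_address(dst)
    for number, (net, rule_proto, ports, action) in enumerate(rules, 1):
        if addr not in net:
            continue
        if rule_proto is not None and rule_proto != proto:
            continue
        if ports is not None and dport not in ports:
            continue
        return number, action
    return None, "deny"  # assumption: nothing matched means implicit deny

# Constructed sample flows: (label, destination, protocol, destination port).
FLOWS = [
    ("file server SMB", "10.92.2.10", "tcp", 445),
    ("internet HTTPS", "203.0.113.5", "tcp", 443),
    ("DHCP request", "255.255.255.255", "udp", 67),
    ("client as DHCP server", "255.255.255.255", "udp", 68),
]

if __name__ == "__main__":
    for name, rules in (("as suggested", RULES), ("permit moved up", REORDERED)):
        print(name)
        for label, dst, proto, dport in FLOWS:
            number, action = match(rules, dst, proto, dport)
            print(f"  {label:22} rule {number}: {action:14} -> {PATHS[action]}")
```

With the permit moved up, the file-server flow matches it first and is tunneled to the controller instead of staying local.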
