Frequent Contributor II

route ACL: how to apply a match for an application?

Hello

I want to apply a route ACL to a user role to split tunnel traffic matching an application like office365, but the first match is always the ACL statement for the network any any. The question is how can I apply a route ACL to match an application before passing the ACL statement based on the Layer 3 (source/destination network)?

 

Here is the configuration:

 

ip access-list route no-split-tunnel
user any any route ipsec-map default-vpnip-local-ipsecmap
user any app salesforce forward app-position 2
user any app okta route ipsec-map default-vpnip-local-ipsecmap app-position 1
user any app speedtest forward app-position 5
user any app office365 forward app-position 3
user any app box-net forward app-position 4
!

 

Thanks

Guru Elite

Re: route ACL: how to apply a match for an application?

I don't believe that AppRF rules can be applied to a split-tunneled SSID, because AppRF rules need to be evaluated on the controller, which would require a tunneled SSID. A split-tunneled SSID's firewall traffic is evaluated on the AP itself (usually a Remote AP).



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: route ACL: how to apply a match for an application?

Thank you for the quick answer. Actually, I plan to implement this route ACL on my Branch controllers.
I'm able to add on top of the ACL a rule using svc-http and svc-https to no-split this traffic and leave the rest locally and being NATted at the Branch, but what I want to achieve is to only allow my corporate cloud-based applications doing split tunnel at the remote locations and all the rest back to my VPNC/Corporate.
Is there a way to do this?
Thanks
Antonio
Guru Elite

Re: route ACL: how to apply a match for an application?

If they are cloud applications, most likely they cannot be identified by subnet. Are there any other characteristics that would enable you to define those cloud applications?



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II

Re: route ACL: how to apply a match for an application?

Box, office365, Service-now, Salesforce