Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

the split part of the split tunnel does not work

  • 1.  the split part of the split tunnel does not work

    Posted Feb 04, 2013 03:14 AM

     

    I have configured a number of RAPs in different geographic locations.

     

    They all share the same config (i.e. not copy-pasted, but by reference).

     

    Remote wifi clients exit the tunnel in HQ and can access HQ resources (internet, RDP...) just fine.

     

     

    Although the VAPs have Forwarding set to "split tunnel", remote clients that want to use remote resources come out of the tunnel in HQ and are routed back towards the remote site.

     

     

     

    Thanks for any advice.

     

    Ward



  • 2.  RE: the split part of the split tunnel does not work

    EMPLOYEE
    Posted Feb 04, 2013 06:07 AM

    There are quite a few articles in the knowledgebase about configuring and diagnosing split tunnel problems.  Please do a search and look at the results in knowledgebase.  One article on configuration is here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-541

     



  • 3.  RE: the split part of the split tunnel does not work

    Posted Feb 04, 2013 06:22 AM

    Will do that.

    Thank you for the link.

     

    Ward



  • 4.  RE: the split part of the split tunnel does not work

    Posted Feb 05, 2013 07:47 AM

    I got split tunneling to work. I have an aesthetics question remaining.

    My network is atypical in that remote sites live on a private MPLS VPN network, i.e. they don't have a proper internet connection.

     

    So I had to define 3 rules in the following sequence:

     

    1. a DHCP permit rule

    2. a "src-nat route" rule for all destinations local to the RAP

    3. a fallthrough rule that 'permits' all remaining traffic over the IPsec tunnel toward HQ

     

    Now for the question: I want to configure split tunneling for 13 sites with a minimum of configuration.

     

    The "src-nat route" expects a "network alias", which means I have 13 separate policies to define, followed by 13 separate roles, 13 aaa profiles, etc.

    Is it possible to replace the explicit "network alias" with a "reference" to the network where 'this' RAP happens to live, which would make that rule dynamic and clean up the config?

     

    thx

    Ward
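
As an added illustration (not part of the thread and not ArubaOS configuration), this Python sketch models the three-rule, first-match policy described in post 4 and reports which rules never match when the order is wrong, which is how all traffic ends up tunneled to HQ. The site names, subnets and probe flows are constructed assumptions.

```python
import ipaddress

# Constructed sample data: local subnets per remote site (hypothetical values).
SITE_LOCAL_NETS = {
    "site-a": ["10.20.1.0/24"],
    "site-b": ["10.20.2.0/24", "10.20.102.0/24"],
}

def build_policy(site):
    """Ordered three-rule policy from post 4, parameterised by site."""
    local = [ipaddress.ip_network(n) for n in SITE_LOCAL_NETS[site]]
    return [
        ("dhcp-permit",
         lambda f: f["proto"] == "udp" and f["dport"] in (67, 68), "permit"),
        ("local-src-nat",
         lambda f: any(ipaddress.ip_address(f["dst"]) in n for n in local),
         "route src-nat"),
        ("fallthrough", lambda f: True, "tunnel to HQ"),
    ]

def evaluate(policy, flow):
    """First-match evaluation: (rule name, action) of the first rule that matches."""
    for name, match, action in policy:
        if match(flow):
            return name, action
    return None, "deny"  # only reached if the policy has no catch-all rule

def shadowed_rules(policy, probes):
    """Rules that never win first-match for any probe flow."""
    hit = {evaluate(policy, f)[0] for f in probes}
    return [name for name, _, _ in policy if name not in hit]

# Constructed probe flows for site-a: DHCP, a local server, an HQ server.
PROBES = [
    {"proto": "udp", "dst": "255.255.255.255", "dport": 67},
    {"proto": "tcp", "dst": "10.20.1.9", "dport": 3389},
    {"proto": "tcp", "dst": "10.1.0.5", "dport": 3389},
]

if __name__ == "__main__":
    policy = build_policy("site-a")
    for flow in PROBES:
        print(flow["dst"], "->", evaluate(policy, flow))
    # Catch-all placed first: every other rule is shadowed, so local
    # destinations are sent through the tunnel as well.
    print("shadowed if reversed:", shadowed_rules(list(reversed(policy)), PROBES))
```

Running the same probes against each site's policy shows that a subnet local to one site is tunneled from every other site, which is why the local-destination rule differs per site.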