Wireless Access

Is there any way to force a URL instead of IP over the split tunnel for VIA VPN?

We have a use case where a 3rd party has only whitelisted our internet facing IPs, when users are on VIA VPN they are blocked because traffic is outside the VPN due to split tunnel ACL and using their own internet facing IP. The problem we have is the URL resolves to 3 different IPs every few days so no way to add the subnets to the split tunnel ACL as the fix would last about 3 days before the IPs are changed to completely new ones. 

Just wondering if anyone has had this issue and found a work around?

------------------------------
Thanks
Andy
------------------------------

That is not possible with split tunnel via. If you know the range of ip addresses you can write a rule to always permit.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Apr 06, 2022 11:29 AM
From: Andrew Tomlin
Subject: Force Load Balanced URL over VIA VPN Split Tunnel

Is there any way to force a URL instead of IP over the split tunnel for VIA VPN?

We have a use case where a 3rd party has only whitelisted our internet facing IPs, when users are on VIA VPN they are blocked because traffic is outside the VPN due to split tunnel ACL and using their own internet facing IP. The problem we have is the URL resolves to 3 different IPs every few days so no way to add the subnets to the split tunnel ACL as the fix would last about 3 days before the IPs are changed to completely new ones. 

Just wondering if anyone has had this issue and found a work around?

------------------------------
Thanks
Andy
------------------------------

Yeah that’s what we have been doing with other services that require our internet facing IP. Was hopping someone else had similar issue and found a way of working around it.

Only way I can think is doing some work with RestAPI and updating the ACL when they rotate as we haven’t found any pattern to the IPs they use but seems a lot of work for just 1 service.

Thanks anyway 👍

---------------------------------
Thanks
Andy
---------------------------------



Original Message:
Sent: Apr 06, 2022
From: cjoseph
Subject: RE: Force Load Balanced URL over VIA VPN Split Tunnel

That is not possible with split tunnel via. If you know the range of ip addresses you can write a rule to always permit.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Apr 06, 2022 11:29 AM
From: Andrew Tomlin
Subject: Force Load Balanced URL over VIA VPN Split Tunnel

Is there any way to force a URL instead of IP over the split tunnel for VIA VPN?

We have a use case where a 3rd party has only whitelisted our internet facing IPs, when users are on VIA VPN they are blocked because traffic is outside the VPN due to split tunnel ACL and using their own internet facing IP. The problem we have is the URL resolves to 3 different IPs every few days so no way to add the subnets to the split tunnel ACL as the fix would last about 3 days before the IPs are changed to completely new ones. 

Just wondering if anyone has had this issue and found a work around?

------------------------------
Thanks
Andy
------------------------------