How to allow or restrict guest users from setting up an external VPN connection?

Aruba Employee

Environment : This article applies to Aruba Mobility Controllers and Aruba Instant Access Points.


In most deployments, only web traffic is permitted for guest users. Whether a network allows guest users to initiate and successfully establish an external VPN connection depends on the company's or university's policies.

An administrator can therefore allow or deny an outgoing VPN connection with access lists in the user role. The following ACL rules need to be permitted in the guest authenticated role:

user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
user any svc-natt permit

NOTE: "user" indicates that the source client is a valid user in the user table.
If the guest network policy does not allow guests to initiate a VPN connection, make sure the above ACLs are denied in the authenticated role.
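
The following audit sketch is an added example, not code from the original article or from Aruba. It reads a guest role's rules in the four-field form shown above and reports which of the six VPN services would be permitted. It assumes rules are evaluated top-down with the first match winning and an implicit deny at the end; the function names and the two constructed rule sets are hypothetical.

```python
# Added example: audit a guest role's session ACL for outbound VPN services.
# Assumption: first-match evaluation, implicit deny when no rule matches.
VPN_SERVICES = ["svc-ike", "svc-esp", "svc-l2tp", "svc-pptp", "svc-gre", "svc-natt"]

# The permit set listed in the article.
PAGE_RULES = """user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
user any svc-natt permit"""
# Constructed sample: a broad permit placed first shadows the later denies.
SHADOWED = """any any any permit
user any svc-ike deny
user any svc-natt deny"""
# Constructed sample: web-only guest role with no VPN rules at all.
WEB_ONLY = """any any svc-dhcp permit
any any svc-dns permit
user any svc-http permit
user any svc-https permit"""

def parse_rules(text):
    """Parse 'source destination service action' lines; reject other forms."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 4 or fields[3] not in ("permit", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(tuple(fields))
    return rules

def vpn_verdicts(rules):
    """Map each VPN service to (action, deciding rule or None) for guest traffic."""
    verdicts = {}
    for svc in VPN_SERVICES:
        verdicts[svc] = ("deny", None)  # implicit deny
        for src, dst, service, action in rules:
            if src in ("user", "any") and dst == "any" and service in (svc, "any"):
                verdicts[svc] = (action, f"{src} {dst} {service} {action}")
                break  # first match wins
    return verdicts

def permitted_vpn_services(rules):
    """Sorted list of VPN services the role would let a guest use."""
    return sorted(s for s, (a, _) in vpn_verdicts(rules).items() if a == "permit")
```

An empty list from permitted_vpn_services means guests cannot start any of the six VPN services; the deciding rule in vpn_verdicts shows where a deny is being shadowed by an earlier permit.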


Version history
Revision #:
1 of 1
Last update:
‎06-29-2014 04:31 PM