3 weeks ago - last edited 3 weeks ago
In the default config on Aruba IAP, split-tunnel is activated.
In that case, will traffic destined to all of these private subnets not be tunneled?
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Thank you in advance for your help.
3 weeks ago
I finally found the answer, for anyone who's interested:
If split-tunnel is enabled, only corporate traffic is forwarded via the VPN tunnel based on the VPN route; other traffic will be SRC-NATed via the master IAP local IP and forwarded locally.
So you must configure a netdestination for the corporate subnets to be forwarded via the tunnel. “permit” implies tunneling, which is used for corporate traffic, and “route” implies local bridging, which is used for local traffic.
You must install the Policy Enforcement Firewall license in the controller. Apply the session ACL to a user role.
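
The forwarding decision described in the answer above, modelled as an added example that is not part of the original posts and is not Aruba code or CLI: a destination is tunneled only when it falls inside a configured corporate subnet, and the helper lists which parts of the three private ranges from the question would stay local. The function names and the sample corporate subnets are constructed for illustration.

```python
import ipaddress

# The three private ranges listed in the question, as CIDR blocks.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def forwarding_action(dst, corporate_nets):
    """Model of the rule in the answer: corporate destinations are tunneled,
    everything else is source-NATed and forwarded locally."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in corporate_nets]
    return "tunnel" if any(addr in n for n in nets) else "local-src-nat"


def untunneled_private_space(corporate_nets):
    """Return the private blocks NOT covered by the corporate subnets.
    Traffic to these blocks stays local even though the addresses are private."""
    remaining = list(PRIVATE_RANGES)
    for corp in (ipaddress.ip_network(n) for n in corporate_nets):
        kept = []
        for block in remaining:
            if corp.version != block.version or not corp.overlaps(block):
                kept.append(block)                       # untouched by this subnet
            elif corp.supernet_of(block):
                continue                                 # fully covered, drop it
            else:
                kept.extend(block.address_exclude(corp))  # carve the subnet out
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    # Constructed sample: subnets an admin might place in the netdestination.
    corporate = ["10.1.0.0/16", "172.16.0.0/12"]
    for dst in ("10.1.2.3", "10.2.0.1", "192.168.1.10", "8.8.8.8"):
        print(f"{dst:15} -> {forwarding_action(dst, corporate)}")
    print("Private space that is NOT tunneled:")
    for net in untunneled_private_space(corporate):
        print("  ", net)
```

Running the audit against the subnets actually placed in the netdestination shows at a glance whether any internal range was left out and is therefore being bridged locally instead of tunneled.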