Controllerless Networks

Reply
Highlighted
Occasional Contributor II

Split-tunnel activated on guest profil

Hello,

In the default config on aruba IAP, split-tunnel is activated.

 

In that case, the destination to all this private subnet will not be tunneled ?  

 

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

 

Thank you in advance for your help.

Regards,

 

Occasional Contributor II

Re: Split-tunnel activated on guest profil

Any help please ?

Occasional Contributor II

Re: Split-tunnel activated on guest profil

Hello,

 

I finally found the answer for anyone who's interested :

 

If split-tunnel is enabled, only corporate traffic is forwarded via the vpn tunnel based on the vpn route, others will be SRC-NATed via the master IAP local IP and forwarded locally.

So you must configure a netdestination for the corporate subnets to forwarded via the tunnel. “permit” implies tunneling, which is used for corporate traffic, and “route” implies local bridging,
which is used for local traffic.

 

You must install the Policy Enforcement Firewall license in the controller. Apply the session ACL to a user role.

 

https://fr.slideshare.net/ArubaNetworks/emea-airheads-aruba-instant-ap-vpn-troubleshooting

 

https://community.arubanetworks.com/aruba/attachments/aruba/108/1002/1/split-tunneling.pdf

 

Regards Brahim,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: