Controllerless Networks

last person joined: 21 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Split-tunnel activated on guest profil

This thread has been viewed 1 times

  • 1.  Split-tunnel activated on guest profil

    Posted Nov 14, 2019 08:55 AM

    Hello,

    In the default config on aruba IAP, split-tunnel is activated.

     

    In that case, the destination to all this private subnet will not be tunneled ?  

     

    10.0.0.0 - 10.255.255.255

    172.16.0.0 - 172.31.255.255

    192.168.0.0 - 192.168.255.255

     

    Thank you in advance for your help.

    Regards,

     



  • 2.  RE: Split-tunnel activated on guest profil

    Posted Nov 14, 2019 11:01 AM

    Any help please ?



  • 3.  RE: Split-tunnel activated on guest profil
    Best Answer

    Posted Nov 15, 2019 05:18 AM
      |   view attached

    Hello,

     

    I finally found the answer for anyone who's interested :

     

    If split-tunnel is enabled, only corporate traffic is forwarded via the vpn tunnel based on the vpn route, others will be SRC-NATed via the master IAP local IP and forwarded locally.

    So you must configure a netdestination for the corporate subnets to forwarded via the tunnel. “permit” implies tunneling, which is used for corporate traffic, and “route” implies local bridging,
    which is used for local traffic.

     

    You must install the Policy Enforcement Firewall license in the controller. Apply the session ACL to a user role.

     

    https://fr.slideshare.net/ArubaNetworks/emea-airheads-aruba-instant-ap-vpn-troubleshooting

     

    https://community.arubanetworks.com/aruba/attachments/aruba/108/1002/1/split-tunneling.pdf

     

    Regards Brahim,