Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba VIA split tunneling

  • 1.  Aruba VIA split tunneling

    Posted May 01, 2020 03:36 AM

    Got a Q about VIA and split tunneling.

     

    As I read the white paper on VIA, when you enable split tunneling you have to say which networks you want tunneled to your controller, not the other way around. So if I want all Microsoft traffic to go out locally and all other traffic tunneled to the controller, I need to whitelist all traffic other than Microsoft? Does anyone have a solution for that? Because as far as I can see you can only whitelist 32 IP addresses/subnets.



  • 2.  RE: Aruba VIA split tunneling



  • 3.  RE: Aruba VIA split tunneling

    EMPLOYEE
    Posted May 01, 2020 04:17 AM

    @morjo wrote:

    Got a Q about VIA and split tunneling.

     

    As I read the white paper on VIA, when you enable split tunneling you have to say which networks you want tunneled to your controller, not the other way around. So if I want all Microsoft traffic to go out locally and all other traffic tunneled to the controller, I need to whitelist all traffic other than Microsoft? Does anyone have a solution for that? Because as far as I can see you can only whitelist 32 IP addresses/subnets.


    Correct.  You have to choose what subnets you want tunneled.  You can summarize subnets to avoid listing 32 subnets.  For example, if you want your VPN user to send everything on the 10.0.0.0/8 subnet back to your datacenter, you can put that on a single line:

    Screenshot 2020-05-01 at 03.15.34.png

    If you have any more questions, the VIA VPN Solution guide is here:  https://support.hpe.com/hpesc/public/docDisplay?docId=a00098430en_us

     



  • 4.  RE: Aruba VIA split tunneling

    Posted May 01, 2020 04:30 AM

    That's what I feared. Microsoft has a huge list of IP addresses they use and it changes all the time, so I need to make summary addresses of what is not on the Microsoft list, so I don't think it's gonna work.

    Hoping the VIA client gets app awareness in the future.
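
Added example (not part of the thread or of Aruba's documentation): a Python sketch of the inversion discussed in posts 3 and 4, computing the subnet list that would have to be tunneled when a few ranges are excluded for local breakout. The prefixes are constructed RFC 5737 stand-ins, not Microsoft ranges, and the 32-entry limit is the figure quoted in the thread; IPv4 only.

```python
import ipaddress

VIA_MAX_ENTRIES = 32  # limit quoted in the thread (assumption for this sketch)


def tunneled_complement(local_breakout, universe="0.0.0.0/0"):
    """Return the shortest CIDR list covering `universe` minus `local_breakout`."""
    # Merge overlapping/adjacent exclusions first so each hole is handled once.
    holes = ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in local_breakout
    )
    remaining = [ipaddress.ip_network(universe)]
    for hole in holes:
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Punch the hole out; yields the sibling prefixes around it.
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                kept.append(net)  # untouched by this hole
            # else: net lies entirely inside the hole and is dropped
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def fits_via_limit(networks, limit=VIA_MAX_ENTRIES):
    """True if the tunneled list fits in the split-tunnel table."""
    return len(networks) <= limit


# Constructed sample input: documentation prefixes standing in for
# "traffic that should leave locally". Real vendor lists are far longer.
SAMPLE_LOCAL_BREAKOUT = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    for count in range(1, len(SAMPLE_LOCAL_BREAKOUT) + 1):
        tunneled = tunneled_complement(SAMPLE_LOCAL_BREAKOUT[:count])
        print(f"{count} excluded /24 -> {len(tunneled)} tunneled entries, "
              f"fits limit: {fits_via_limit(tunneled)}")
```

Each excluded prefix forces roughly one tunneled entry per bit of its prefix length, so the inverted list grows quickly while a summarized list of internal subnets stays short.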



  • 5.  RE: Aruba VIA split tunneling

    EMPLOYEE
    Posted May 01, 2020 05:03 AM

    What traffic do you want to go back to your data center?  All traffic except for Microsoft?



  • 6.  RE: Aruba VIA split tunneling

    Posted May 01, 2020 07:10 AM

    Yes that was the idea.



  • 7.  RE: Aruba VIA split tunneling

    EMPLOYEE
    Posted May 01, 2020 08:05 AM

    VIA allows you to only "split" traffic based on subnet, but Aruba Remote APs allow you to define what should be split vs. tunneled with ACLs, instead.  That might meet your requirement:  https://support.hpe.com/hpesc/public/docDisplay?docId=a00097853en_us

     



  • 8.  RE: Aruba VIA split tunneling

    Posted Jun 08, 2020 05:46 PM
    I want to check from the user app which subnets are tunneled to the controller.

    Where can I find this information in the VIA app?


  • 9.  RE: Aruba VIA split tunneling

    EMPLOYEE
    Posted Jun 08, 2020 06:11 PM

    On a Windows device you can execute "route print".  You cannot do it within a mobile app.



  • 10.  RE: Aruba VIA split tunneling

    Posted Jun 08, 2020 06:31 PM

    Makes sense, thank you very much!!