Regular Contributor I

Clearpass GRE tunnel

My guest users are in a subnet that is non-routable on our internal network and therefore cannot reach my clearpass server.  I have successfully created a GRE tunnel b/w my controller and clearpass.  Guest users get redirected to a login page using the CPPM GRE tunnel IP.  My questions is what do others do so that the guest users do not get a certificate warning when hitting https://<tunnelIP>/guest/login.php.  We currently use Symantec/Versign for obtaining certificates and they no longer allow an IP address in the SAN field.  Just curious what others do in this situation.

Guru Elite

Re: Clearpass GRE tunnel

We get creative with some static routes and DNS proxy. We've never been able
to make the GRE tunnel method work 100%.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Clearpass GRE tunnel

That's correct most Third party SSL companies do not accept IPs anymore.


You will need to use a dns name , what you can do is probably NAT the dns traffic just to reach the ClearPass server

Thank you

Victor Fabian
Lead Mobility Architect @WEI
Search Airheads
Showing results for 
Search instead for 
Did you mean: