Hi Aruba Community,
I was having a discussion with one of my clients a few nights ago. He had a concept on how to structure access for his wired and wireless users and he faced a problem. Let me summarize what he was discussing:
1. His purpose is to clarify how access for users on wired and wireless were to access a remote site's email server, either via site-to-site VPN or via Internet based on the below setup.
2. He has two Internet links (primary with ISP 1, secondary with ISP 2) which is currently load-balanced by a Peplink device.
3. His concept is that wired users will use the site-to-site VPN initiate by his firewall when accessing the email server in the remote site. The users will have the email server DNS resolved to a private IP. Wireless users will access the email server via the Internet (but load balanced via SingTel link) as DNS resolves to a public IP.
4. His thought is that all wireless users should use ISP 2 link (load balanced by the Peplink) but his Employee SSID is assigning his users with his internal DNS server which in turn resolves to his remote site email server private IP. This does not allow them to access remote email server via the ISP 2 link.
Some suggestions I proposed was:
1. Include the Employee SSID range into the site-to-site VPN to allow wireless users on Employee SSID to access the remote site.
2. To check if DNS re-writing exists for Aruba Controller. This was just an option and need to confirm if such a feature exist.