Aruba Employee

Re: Guest access thought remote AP

I think you should be fine, but the one thing I would be aware of is the fragmentation by your current VPN. If the packet that is IPsec encrypted by the RAP is fragmented by your VPN and arrives out of order at the controller, the controller might consider it as a replay attack. But if you can ensure that this doesn't happen, things should be fine. I haven't encountered this, but someone else can elaborate on this and confirm it.

 

Regards,

Sathya
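
The replay check mentioned in the reply above, sketched as an added example (not part of the thread and not Aruba's code): an ESP-style anti-replay sliding window modelled on RFC 4303, applied to whole ESP packets by sequence number. The 64-packet window and the arrival orders are assumptions constructed for illustration.

```python
# Added illustration: ESP-style anti-replay sliding window (modelled on RFC 4303).
# WINDOW = 64 is an assumed size, not a value from the thread or from Aruba.
WINDOW = 64

class ReplayWindow:
    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (top - i) was already seen

    def check(self, seq):
        """Return 'accept', 'replay' or 'too_old' and update the window."""
        if seq > self.top:                    # new highest: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:               # fell off the left edge
            return "too_old"
        if self.bitmap & (1 << offset):       # same number seen twice
            return "replay"
        self.bitmap |= 1 << offset            # late, but still inside the window
        return "accept"

def classify(arrivals, size=WINDOW):
    """Run a list of ESP sequence numbers, in arrival order, through a fresh window."""
    w = ReplayWindow(size)
    return [(seq, w.check(seq)) for seq in arrivals]

# Constructed arrival orders (sequence numbers only, no real traffic).
MILD = [1, 2, 4, 3, 5]                    # packet 3 overtaken by one packet
SEVERE = [1] + list(range(3, 70)) + [2]   # packet 2 arrives after 67 later packets
DUPLICATE = [1, 2, 3, 2]                  # packet 2 delivered twice

if __name__ == "__main__":
    for name, order in (("mild", MILD), ("severe", SEVERE), ("duplicate", DUPLICATE)):
        dropped = [(s, r) for s, r in classify(order) if r != "accept"]
        print(name, "dropped:", dropped)
```

A packet that is only slightly late is still accepted; it is dropped when it arrives more than a window's worth of packets behind the newest one, or when the same sequence number shows up twice.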

Re: Guest access thought remote AP

Now the question here is how can I prevent this from happening?

 

When you say you have not encountered this, is it because

1-you never built a VPN tunnel with the RAP and passed that traffic through a VPN link?

2-or you have done it and nothing wrong happened, but you are telling me that it might happen?

 

Which of the two?

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Guest access thought remote AP

Question

What happens if I do this

 

1-On the central site I do a virtual IP and have a public IP for the Wireless controller (of course just using the correct ports)

2-On the remote site I tell the remote AP that the WC IP address is the public IP address of the WC

 

This will make the Remote AP build a separate VPN tunnel over the internet and all the wireless clients will go through this tunnel?

Anyway, it's just an idea, I don't know if that works hehe

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba Employee

Re: Guest access thought remote AP

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Now the question here is how can I prevent this from happening?

 

When you say you have not encountered this, is it because

1-you never built a VPN tunnel with the RAP and passed that traffic through a VPN link?

2-or you have done it and nothing wrong happened, but you are telling me that it might happen?

 

Which of the two?

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

For this my answer is number 1

Aruba Employee

Re: Guest access thought remote AP

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Question

What happens if I do this

 

1-On the central site I do a virtual IP and have a public IP for the Wireless controller (of course just using the correct ports)

2-On the remote site I tell the remote AP that the WC IP address is the public IP address of the WC

 

This will make the Remote AP build a separate VPN tunnel over the internet and all the wireless clients will go through this tunnel?

Anyway, it's just an idea, I don't know if that works heh

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

This is how a typical RAP deployment works, since most people who use RAPs at remote locations don't have a VPN end-point. This should solve the fragmentation problem.

 

 

Regards,

Sathya

Re: Guest access thought remote AP

Well, I tested with a small remote AP I got and it seems to work pretty well.

I did a lab: I built a VPN tunnel between the office and my house and brought a small RAP-2WG to my house, and it built a separate tunnel as I expected... I tried the captive portal access, which was successful, no issue...

Now I came to the office today to get a 105AP and I'll use it as a remote AP to see; it should work with no issue, I guess.

 

Anyways many thanks for the idea.

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor II

Re: Guest access thought remote AP

Guys, I followed the link but am trying to use a RAP with an external CP from ClearPass. For some reason I see myself connected in the controller with the logon role, but the splash page does not pop up. Actually I think it is blocked, but my logon rules include whitelisting for my ClearPass IP. What could be wrong?
