Hi,
We have 12 remote sites and have configured split tunneling for each site. A remote wireless client wishing to use a printer local to him doesn't need to traverse the tunnel.
This means that for each site I have a firewall rule stating:
Source:Any Destination:Depot_Brussels Service:Any Action: route src-nat .....
Source:Any Destination:Depot_Ghent Service:Any Action: route src-nat .....
Source:Any Destination:Depot_Antwerp Service:Any Action: route src-nat .....
...
As Aruba's config is heavy on nested functions / reuse of configuration, this lowest level src-nat rule forces me to create separate splittun policies, and one level up, separate AAA profiles, each referring to its own splittun for the default .1x role.
It would greatly simplify things if I could do
"...Destination : <local to the access point in question>"
Another idea would be to list all my subnets in a single destination (it exists in the blocking rule) but then the tunnels wouldn't get used for 'across subnet' traffic, relying on top-level L3 routing instead.
thx for any advice.