Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

OnGuard - VPN access to different networks from same controller

This thread has been viewed 0 times

  • 1.  OnGuard - VPN access to different networks from same controller

    Posted Nov 17, 2016 11:44 AM

    Hi All,

     

    Imagine this, you have a single controller configured as a VPN concentrator. 

     

    OnGuard is being configured as VPN only, no health checks.

     

    You have 2 separate networks (network A and B) that you want to provide VPN access to that reside behind the single controller. These separate networks have different authentication servers, IP ranges, DNS, etc and are not connected other than at the controller.

     

    We can setup different Via connection and authentication profiles for the different networks. The users would just have to choose network A or B when downloading the Via profile.

     

     

    Issuing the correct routing to users from network A and B upon establishing a Via connnection can be achieved by using external services interface (ESI).

     

    Now it gets interesting. The problem that occurs is that users from network A and B are both issued with the DNS servers from the controller on : "Advanced Services > VPN Services > IPSEC"

     

    My question is, is there a way to issue different DNS servers to 2 different groups of Via VPN users?

     

    Cheers

    James

     



  • 2.  RE: OnGuard - VPN access to different networks from same controller
    Best Answer

    Posted Nov 17, 2016 01:23 PM

    I reached out to HPE who have said that this is not possible. :(