Occasional Contributor II

Users are able to access VPN through Guest Network without going through guest authentication

Hello Guys,

Users connected to guest network are able to establish VPN tunnels to outside world without going through Guest authentication. Does anyone know which ports do I have to block for Guest access?

Thanks

Moderator

Re: Users are able to access VPN through Guest Network without going through guest authentication

Create a new guest logon role with just DHCP, dns, and captive-portal. 


Thanks, 
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Aruba

Re: Users are able to access VPN through Guest Network without going through guest authentication

Please share the result of the following for the role the guest is in BEFORE authentication. If you are not sure of the role, check with "show user-table".

show rights <NameofRole>

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Hi Celmbo,

As requested, please find the details about the Guest-pre auth role attached.

Thanks

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Hello Guys,

Any changes in the role which you recommend after looking at the Guest_Pre_auth role?

Thanks

Moderator

Re: Users are able to access VPN through Guest Network without going through guest authentication

Create a new guest logon role with just DNS, DHCP and captive-portal...




Aruba

Re: Users are able to access VPN through Guest Network without going through guest authentication

Try removing line 5 in the logon-control ACL (svc-natt). You should not need this in your default logon role. Or if you are more comfortable, make a new logon-control for your needs and leave the default ACL as is.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX
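
Added example, not part of any post in this thread and not Aruba's own tooling: a Python check that lists every pre-authentication `permit` rule outside the DHCP/DNS allowlist suggested above, reporting the rule number so an entry like the svc-natt rule on line 5 stands out. The sample configuration is constructed and assumes ArubaOS `ip access-list session` syntax; the ACL name `guest-logon-control` and the function names are hypothetical.

```python
import re

# Pre-auth allowlist per the thread's advice (DHCP and DNS only). Captive-portal
# redirection is assumed to live in a separate ACL of dst-nat rules, not permits.
ALLOWED_PREAUTH = {"svc-dhcp", "svc-dns"}
ACTIONS = {"permit", "deny", "dst-nat", "src-nat"}  # subset handled by this example
# Constructed sample config; rule 5 mirrors the svc-natt entry discussed above.
SAMPLE_CONFIG = """\
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session guest-logon-control
  any any svc-dns permit
  any any svc-dhcp permit
!
"""

def _skip_addr(tokens, i):
    """Index just past one address operand (any/user, alias X, host X, network X M)."""
    return i + {"alias": 2, "host": 2, "network": 3}.get(tokens[i], 1)

def audit_preauth_acls(config, allowed=ALLOWED_PREAUTH):
    """Map each session ACL to [(rule_no, service)] for permits outside the allowlist."""
    findings, acl, rule_no = {}, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"ip access-list session (\S+)", line)
        if header:
            acl, rule_no = header.group(1), 0
            findings[acl] = []
        elif line == "!":
            acl = None  # end of the current ACL stanza
        elif acl and line:
            rule_no += 1
            tokens = line.split()
            if len(tokens) < 4:
                continue  # too short to be <src> <dst> <service> <action>
            start = _skip_addr(tokens, _skip_addr(tokens, 0))
            end = next((i for i, t in enumerate(tokens) if t in ACTIONS), -1)
            service = " ".join(tokens[start:end])
            if end > start and tokens[end] == "permit" and service not in allowed:
                findings[acl].append((rule_no, service))
    return findings

if __name__ == "__main__":
    print(audit_preauth_acls(SAMPLE_CONFIG))
```

With the strict allowlist the ICMP permit is reported as well; add it to `allowed` if your guest policy intentionally permits it before login.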

Occasional Contributor II

Re: Users are able to access VPN through Guest Network without going through guest authentication

Thank you guys, I have made the change and have asked the users to test it. I will update you when I know more.

Again really appreciate your help!
