Guru Elite

Re: 620 Public Internet with NAT and Firewalls

The port should have been access in the beginning.

You need to do ip nat inside for the other vlans to allow them to go out.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor II

Re: 620 Public Internet with NAT and Firewalls

Hot **bleep**, it worked.  I just had to change the default route.  Now, as long as my IP address doesn't change!  So now for the next part, how do I do an internal NAT translation?  I.e., if something comes in from the internet over the public IP, I want to redirect it to a specific IP address internally.

Occasional Contributor II

Re: 620 Public Internet with NAT and Firewalls

So I got everything else working now.  But have another issue.

I created the ipnat rule, however, if I go to https://myIP I get my controller login webpage and https traffic is not being forwarded to the host I want it to.

Aruba

Re: 620 Public Internet with NAT and Firewalls

Can you share your ACL that you applied to the Internet port?   It should read something similar to this with dst-nat entries; with x.x.x.x being the internal IP of your webserver you want to hit.

 

ip access-list session INTERNET-ACL
  any any svc-dhcp permit
  any any svc-http dst-nat ip x.x.x.x 80
  any any svc-https dst-nat ip x.x.x.x 443
  any any any deny

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Aruba

Re: 620 Public Internet with NAT and Firewalls

EDIT; duplicate post

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: 620 Public Internet with NAT and Firewalls

Here is the info.  But actually it ended up being that I had the management IP set on vlan1.  I moved it to a different vlan and that fixed it.  I also don't need the DHCP because I have another device running DHCP.

 

1  any  any  svc-https  dst-nat ip 10.10.11.90 443
2  any  any  svc-http   dst-nat ip 10.10.11.90 80
3  any  any  any        deny

 

I have one last question I think, at least for now.  I want to create a firewall between vlans, so I can have a DMZ.  How do I create something like that?                                  
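An added example, not part of the thread and not Aruba tooling: a small Python audit of the session ACL rules quoted above, listing which internal host and port each dst-nat rule exposes and flagging rules placed after the catch-all deny. The names `parse_acl` and `audit` are illustrative, and the parser assumes only the rule forms that appear in this thread (with or without the leading priority number).

```python
import ipaddress
import re

# One session-ACL rule in the forms shown in this thread, with an optional
# leading priority number as in the posted rule listing:
#   [prio] <src> <dst> <service> permit | deny | dst-nat ip <addr> <port>
RULE = re.compile(
    r"^\s*(?:\d+\s+)?(\S+)\s+(\S+)\s+(\S+)\s+"
    r"(permit|deny|dst-nat\s+ip\s+(\S+)\s+(\d+))\s*$"
)

def parse_acl(text):
    """Return the rules in order as dicts; raise on a line that does not parse."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("ip access-list"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        src, dst, svc, action, host, port = m.groups()
        rules.append({"src": src, "dst": dst, "svc": svc,
                      "action": action.split()[0],
                      "host": host, "port": int(port) if port else None})
    return rules

def audit(rules):
    """Return (exposed services, findings) for an ordered rule list."""
    findings, exposed, seen_deny_all = [], [], False
    for i, r in enumerate(rules, 1):
        if seen_deny_all:
            findings.append(f"rule {i} is unreachable (after 'any any any deny')")
        if r["action"] == "dst-nat":
            ipaddress.ip_address(r["host"])  # ValueError if not an IP literal
            exposed.append((r["svc"], r["host"], r["port"]))
        if (r["src"], r["dst"], r["svc"], r["action"]) == ("any", "any", "any", "deny"):
            seen_deny_all = True
    if not seen_deny_all:
        # The thread's ACL ends with an explicit deny; report when it is absent.
        findings.append("no explicit 'any any any deny' rule")
    return exposed, findings

# The rule set posted in the thread.
SAMPLE = """
1 any any svc-https dst-nat ip 10.10.11.90 443
2 any any svc-http  dst-nat ip 10.10.11.90 80
3 any any any       deny
"""

if __name__ == "__main__":
    print(audit(parse_acl(SAMPLE)))
```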
