Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Difference between route src-nat and src-nat?

This thread has been viewed 12 times

  • 1.  Difference between route src-nat and src-nat?

    Posted Jun 23, 2015 02:52 AM
    Hi Guys, Could someone give me the actual difference between "any any any route src-nat" and "any any any src-nat" with a usecase as to how it works in Aruba?


  • 2.  RE: Difference between route src-nat and src-nat?

    Posted Jun 23, 2015 03:07 AM

    Hi Joe_Lee,

    Its mainly required when you are working with RAP.

    Below is the screenshot from AOS UG.

    image 4.jpg

     



  • 3.  RE: Difference between route src-nat and src-nat?

    Posted Jun 23, 2015 05:31 AM
    Hi SumaN, Thanks for your posting, but I think what you have posted only tells me what is src-nat and dst-nat is. However, I am keen to know more about the functionality of "any any any route src-nat" and "any any any src-nat" with a usecase along with the difference between them.


  • 4.  RE: Difference between route src-nat and src-nat?
    Best Answer

    EMPLOYEE
    Posted Jun 23, 2015 08:00 AM

    Route src-nat is specifically used in an ACL when split tunneling client traffic on a Remote AP http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Remote_AP/Split_Tunneling.htm  You would use split tunneling on an access point configured at a remote AP at a branch office so that corporate traffic gets sent back to the corporate headend and internet traffic gets sent locally to the ISP.

     

    Soure-NAT is configured as an ACL for a Campus AP to do NAT translation for a user's traffic on a campus:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ip_access_list_session.htm?Highlight=src-nat

     



  • 5.  RE: Difference between route src-nat and src-nat?

    Posted Jun 23, 2015 09:57 PM

    Hi Colin,

     

    Thank you for the post.

     

    Say for example, My split-tunnel ACL's are like this

     

    any any svc-dhcp permit
    any any svc-dns permit
    user controller any permit
    any any any route src-nat <<<<<<<< instead of this if I specify as "any any any src-nat", then what is going to happen to the user traffic?

     

    Could you please explain in detail



  • 6.  RE: Difference between route src-nat and src-nat?

    EMPLOYEE
    Posted Jun 23, 2015 11:59 PM
    I never tried src-nat with a split tunnel rap, but from experience, the results could be unpredictable, or just not work, at all.


  • 7.  RE: Difference between route src-nat and src-nat?

    Posted Jun 30, 2015 10:51 AM

    I think it´ll be forwarded throught he tunnel and NATed to the RAPs inner IP (taken from the central VPN pool on the controller). But I´m not sure.

     

    Cheers,



  • 8.  RE: Difference between route src-nat and src-nat?

    Posted Jul 30, 2016 12:38 PM

    Could there be an error in this RAP split-tunnel document?

    In the document 'src-nat' is stated for the splitting policy in stead of 'route src-nat'.

     

    Rgds

    Peter



  • 9.  RE: Difference between route src-nat and src-nat?

    EMPLOYEE
    Posted Jul 30, 2016 12:59 PM

    That is incorrect.  It should be route src-nat.