Hi Colin
Sorry for the late reply. Here is the output while on the split-tunnel SSID:
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
192.168.78.50 31.13.76.101 6 43568 443 0 0 0 6 local 1d8 0 0 SRC
192.168.78.50 216.58.221.106 6 37428 443 0 0 0 8 local 279 0 0 SRC
234.5.6.6 192.168.78.50 17 2010 45472 0 0 0 0 local b 0 0 FY
192.168.78.50 192.168.78.254 6 48193 80 0 0 0 0 dev18 12 0 0 FHCI
192.168.78.50 173.194.203.188 6 40062 5228 0 0 0 8 local 26a 0 0 SRC
192.168.78.254 192.168.78.50 6 80 42827 0 0 0 0 dev18 12 0 0 FH
192.168.78.50 210.5.174.66 6 38772 5222 0 0 0 8 local 282 0 0 SRC
192.168.78.50 192.168.78.254 6 42827 80 0 0 0 0 dev18 12 0 0 HCI
192.168.78.50 75.101.136.208 6 48101 443 0 0 0 3 local e1 0 0 SRC
192.168.78.50 234.5.6.6 17 45472 2010 0 0 0 0 local b 0 0 FRC
192.168.78.50 64.233.188.188 6 40961 5228 0 0 0 4 local 283 0 0 SRC
192.168.78.50 31.13.76.66 6 38065 443 0 0 0 6 local 1d9 0 0 SRC
192.168.78.50 31.13.76.101 6 42130 443 0 0 0 8 local 284 0 0 SRC
192.168.78.50 218.189.210.3 17 45475 123 0 0 0 1 local 33 0 0 FSRC
192.168.78.254 192.168.78.50 6 80 48193 0 0 0 0 dev18 13 0 0 FH
While on the tunnel mode SSID:
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
192.168.78.50 234.5.6.6 17 40615 2010 0 0 0 0 dev12 11 0 0 FC
I am not sure about the policy:
any any IPSec-ESP permit Low
This seems to have come by default when we first installed the Aruba Controller, and we weren't sure whether it is needed. What we wanted was split tunnel in that policy. So I assume all we need moving forward is?
ip access-list session split-tunnel
any any any route src-nat