Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP Split Tunnel

  • 1.  RAP Split Tunnel

    Posted Aug 06, 2012 12:12 AM

    Hi,

    I have some RAPs at a remote site which are provisioned with the controller in HQ.

    The remote users are getting IP addresses from the HQ DHCP server and are also getting the Amigopod authentication page. Once the users get authenticated, they couldn't access the internet locally; they are again coming into HQ.

    I know there is an issue with the split tunnel policy. Can anyone explain the exact policy to route the internet traffic locally, not to the HQ?

    I've created three policies in the AAA profile.

    Amigopod

    Captive portal

    Logon-Control


    ip access-list session Amigopod
      any   alias Amigopod svc-https  permit
      any   alias Amigopod svc-http  permit
      any host 192.168.0.29 any  permit

     

    ip access-list session captiveportal
      user   alias controller svc-https  dst-nat 8081
      user any svc-http  dst-nat 8080
      user any svc-https  dst-nat 8081
      user any svc-http-proxy1  dst-nat 8088
      user any svc-http-proxy2  dst-nat 8088
      user any svc-http-proxy3  dst-nat 8088

     

    ip access-list session logon-control
      user any udp 68  deny
      any any svc-icmp  permit
      any any svc-dns  permit
      any any svc-dhcp  permit
      any any svc-natt  permit

     

    Can anyone tell me where I need to add the rule for split tunnel?



  • 2.  RE: RAP Split Tunnel

    EMPLOYEE
    Posted Aug 06, 2012 05:40 AM

    You need to add the split tunneling rules to the "guest" role after the user has authenticated.
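
A sketch of what the reply above describes, added here as an illustration and not posted by anyone in the thread: a split-tunnel session ACL attached to the post-authentication "guest" role. ArubaOS 6.x CLI syntax is assumed; `corp-net`, `split-tunnel`, `remote-guest-vap` and the 10.0.0.0/8 range are hypothetical placeholders for the HQ networks and profile names.

```text
! Constructed example, ArubaOS 6.x syntax assumed.
! Hypothetical names: corp-net, split-tunnel, remote-guest-vap.
! 10.0.0.0 255.0.0.0 is a placeholder for the HQ address space.
netdestination corp-net
  network 10.0.0.0 255.0.0.0
!
ip access-list session split-tunnel
  any any svc-dhcp permit
  user alias corp-net any permit
  alias corp-net user any permit
  user any any route src-nat
!
user-role guest
  access-list session split-tunnel
!
wlan virtual-ap remote-guest-vap
  forward-mode split-tunnel
```

Session ACLs are evaluated top-down with first match winning, so the DHCP and `corp-net` permits (tunneled to HQ) must sit above `user any any route src-nat`, which sends everything else out of the RAP's local uplink. Locally routed traffic no longer passes through HQ inspection, so keep the `corp-net` alias limited to the networks that actually need the tunnel and review what the guest role is allowed to reach.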

     



  • 3.  RE: RAP Split Tunnel

    Posted Aug 06, 2012 07:48 AM

    Hi, thanks. I changed it already and it started working!!!