Wireless Access

Reply
New Contributor

Split-Tunnel scr NAT

I configured RAP with slpit-tunnel mode, users are accessing internet locally and the DHCP from the HQ and everything is working fine. but here is the issue when i access the internet i see on the firewall that the client accessing the internet with the AP's ip address not user's ip.

 

my question is can the client access the internet with its user ip address and not the AP's ip ?

 

does anyone have idea about this or faced this issue somehow ? 

Guru Elite

Re: Split-Tunnel scr NAT

With split tunnel, the user gets its ip address from the headend, and when traffic goes out of the access point, it can ONLY be source-natted.  If you want the user to get an individual ip address on that AP with the real ip address showing up on the firewall, the forwarding mode must be bridged and not split-tunneled.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Highlighted
Occasional Contributor II

Re: Split-Tunnel scr NAT

Hi!

 

After reading this post I figure out that it is not possible to have a Captive Portal in RAP mode where users are bridge to the network. So tThere is no way to use split-tunnel: tunnel during pre-auth and bridge after post-auth.

Any work arround to have CP using CAP or RAP in bridge mode?

Regards

Martín Rodriguez
Guru Elite

Re: Split-Tunnel scr NAT

You cannot have users in bridge mode with Captive Portal.  Correct.

 

You CAN have users with split tunnel and Captive Portal on a RAP, though.  The instructions are here:  https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-Captive-Portal-for-Guest-Access-on-a-Remote-AP/ta-p/177144

 

It uses the tunneled ip addresses to reach the controller's captive portal and then source-nats all of the other traffic after authentication out of the ip address of the AP.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: