Wireless Access

Occasional Contributor II

Re: VPN problems

Hi,

My guest users are using Cisco and Microsoft VPN clients.

Yes, I have allowed VPN traffic to my guest role...

See the "show rights guest" output below:


```
show rights guest

Derived Role = 'guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Enabled, Interval = 4096 minutes
ACL Number = 3/0
Max Sessions = 65535


access-list List
----------------
Position Name Location
-------- ---- --------
1 allowall
2 http-acl
3 https-acl
4 dhcp-acl
5 icmp-acl
6 dns-acl
7 v6-http-acl
8 v6-https-acl
9 v6-dhcp-acl
10 v6-icmp-acl
11 v6-dns-acl
12 VPN-Clients

allowall
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any any permit Low

http-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-http permit Low

https-acl
---------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-https permit Low

dhcp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-dhcp permit Low

icmp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-icmp permit Low

dns-acl
-------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-dns permit Low

v6-http-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-http permit Low

v6-https-acl
------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-https permit Low

v6-dhcp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-v6-dhcp permit Low

v6-icmp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-v6-icmp permit Low

v6-dns-acl
----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any svc-dns permit Low

VPN-Clients
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 user any svc-l2tp permit Low
2 user any svc-esp permit Low
3 user any svc-ike permit Low
4 user any tcp 17 permit Low
5 user any udp 51 permit Low
6 user any udp 4500 permit Low
7 user any tcp 10000-10001 permit Low
8 user any udp 10000-10001 permit Low
9 user any svc-pptp permit Low
10 user any svc-gre permit Low
11 any user svc-natt permit Low

Expired Policies (due to time constraints) = 0
```
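
Added example, not part of the original post and not Aruba tooling: a Python check run over an excerpt of the `show rights guest` output above. It assumes session ACL rules are evaluated first-match in the order listed; the function names are hypothetical. It reports rules listed behind an `any any any` rule, and `tcp N` / `udp N` entries where N is an IP protocol number used by VPNs rather than a likely port.

```python
import re

# Excerpt of the posted "show rights guest" output; header rows omitted.
SHOW_RIGHTS = """\
allowall
--------
1 any any any permit Low
https-acl
---------
1 any any svc-https permit Low
VPN-Clients
-----------
4 user any tcp 17 permit Low
5 user any udp 51 permit Low
6 user any udp 4500 permit Low
"""
ACTIONS = {"permit", "deny"}  # only the actions this sketch recognises
IP_PROTO = {17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}  # IANA protocol numbers

def parse_rules(text):
    """Return (acl, priority, source, dest, service, action) in listed order."""
    rules, acl, lines = [], None, text.splitlines() + [""]
    for line, nxt in zip(lines, lines[1:]):
        tok = line.split()
        if len(tok) == 1 and nxt and set(nxt.strip()) == {"-"}:
            acl = tok[0]  # a name underlined with dashes starts an ACL
        elif acl and tok and tok[0].isdigit():
            act = next((k for k, t in enumerate(tok) if t in ACTIONS), None)
            if act and act >= 4:  # priority, source, dest, service..., action
                rules.append((acl, int(tok[0]), tok[1], tok[2],
                              " ".join(tok[3:act]), tok[act]))
    return rules

def shadowed(rules):
    """Rules listed after an any/any/any rule; under first-match they never hit."""
    for i, (_, _, src, dst, svc, _) in enumerate(rules):
        if (src, dst, svc) == ("any", "any", "any"):
            return rules[i + 1:]
    return []

def proto_as_port(rules):
    """Heuristic: 'tcp N' / 'udp N' where N is an IP protocol number, not a port."""
    hits = []
    for acl, prio, _, _, svc, _ in rules:
        m = re.fullmatch(r"(?:tcp|udp) (\d+)", svc)
        if m and int(m.group(1)) in IP_PROTO:
            hits.append((acl, prio, svc, IP_PROTO[int(m.group(1))]))
    return hits
```

On the posted role, every ACL after `allowall` is reported as shadowed, so under the first-match assumption the guest role already permits all traffic regardless of the `VPN-Clients` entries.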

Guru Elite

Re: VPN problems

What is natting your guest traffic out to the internet?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Occasional Contributor II

Re: VPN problems

The guest network is using VLAN 2, and source NATing is enabled on this VLAN.

Guru Elite

Re: VPN problems

Okay. What does the NAT after that? You might want to make your guest VLAN fully routable to avoid the double NAT.

Occasional Contributor II

Re: VPN problems

Could you please be more specific... how do I check this?

I really appreciate your prompt reply on this...

Guru Elite

Re: VPN problems

I am asking, do you have a firewall that protects all of your users from the internet?  What kind is it?

Occasional Contributor II

Re: VPN problems

We don't have any firewall in our environment.

We are using ELFIQ as a load balancer, and the Aruba is directly connected to the ELFIQ.

There is no firewall between the ELFIQ and the Aruba.

Guru Elite

Re: VPN problems

What translates your private internal addresses into a public internet address for internet access?

Occasional Contributor II

Re: VPN problems

I guess the ELFIQ translates private addresses to public addresses.
