RAP split-tunnel (802.1X authentication)

Similar documents
RAP Installation - Updated

To configure firewall policies, you must install the Policy Enforcement Firewall license.

Case Study - Configuration between NXC2500 and LDAP Server

How To Configure L2TP VPN Connection for MAC OS X client

D-Link DAP-1360 Repeater Mode Configuration

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Network/VPN Overlap How-To with SonicOS 2.0 Enhanced Updated 9/26/03 SonicWALL,Inc.

Scenario: Remote-Access VPN Configuration

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

How to configure your Thomson SpeedTouch 780WL for ADSL2+

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

Configuring a FortiGate unit as an L2TP/IPsec server

Enable VPN PPTP Server Function

Managing a FortiSwitch unit with a FortiGate Administration Guide

Scenario 1: One-pair VPN Trunk

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Configuring Routers and Their Settings

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

Global VPN Client Getting Started Guide

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Connecting an Android to a FortiGate with SSL VPN

Custom Integration Solutions

VPN L2TP Application. Installation Guide

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Mac OS VPN Set Up Guide

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

V310 Support Note Version 1.0 November, 2011

Microsoft Lync Certification Configuration Guide for WiNG 5.5

Configuring Global Protect SSL VPN with a user-defined port

Configuring a VPN for Dynamic IP Address Connections

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Firewall Defaults and Some Basic Rules

GregSowell.com. Mikrotik Basics

Chapter 9 Monitoring System Performance

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

VPN Configuration Guide. Dealing with Identical Local and Remote Network Addresses

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Cisco QuickVPN Installation Tips for Windows Operating Systems

UAG4100 Support Notes

TE100-P21/TEW-P21G Windows 7 Installation Instruction

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Getting Started Guide

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

intelligence at the edge of the network EdgeBOX V4.3 VPN How-To

Aruba Aruba Certification ACMP-6.4 test questions and answers :

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

Pre-lab and In-class Laboratory Exercise 10 (L10)

For paid computer support call

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

Wireless Network Configuration Guide

How to Setup PPTP VPN Between a Windows PPTP Client and the DIR-130.

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation

Purple Sturgeon Standard VPN Installation Manual for Windows XP

AP6511 First Time Configuration Procedure

Security Awareness. Wireless Network Security

Configuring the OfficeConnect Secure Gateway for a remote L2TP over IPSec connection

(this is being worked on)

VPN Configuration Guide. Cisco ASA 5500 Series

Using IPsec VPN to provide communication between offices

Extending the range of a wireless network by using mesh topology

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Scenario: IPsec Remote-Access VPN Configuration

Chapter 4 Customizing Your Network Settings

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

VPN PPTP Application. Installation Guide

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

Design and Implementation Guide. Apple iphone Compatibility

Quick Installation Guide DAP Wireless N 300 Access Point & Router

How to add a SIP server How to register a handset

VLANs. Application Note

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

VPN Configuration Guide WatchGuard Fireware XTM

Configure IPSec VPN Tunnels With the Wizard

Dramatically simplifying voice and data networking HOW-TO GUIDE. Bundle Quick Start Guide

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

REMOTE ACCESS VPN NETWORK DIAGRAM

How to Access Coast Wi-Fi

WiNG5 DESIGN GUIDE By Sriram Venkiteswaran. WiNG5 Wireless Association Filters. How To Guide

Using Remote Desktop Software with the LAN-Cell

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

How to Connect SSTP VPN from Windows Server 2008/Vista to Vigor2950

10/ English Edition 1. Quick Start Guide. NWA1100N-CE CloudEnabled Business N Wireless Access Point

Chapter 3 LAN Configuration

VPN Tracker for Mac OS X

How to setup a VPN on Windows XP in Safari.

Meraki Wireless Solution Comparison

How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

Quick Start Guide for Zone Director Controller

Configuring a VPN between a Sidewinder G2 and a NetScreen

Transcription:

RAP split-tunnel (802.1X authentication) Release 6.2.0.0 controller June 2013 Contents MUST READ - BACKGROUND!... 1 Create an internal network netdestination... 2 Create the RAP User Policy... 2 Create the RAP User Role... 3 Create a new RAP AAA server... 3 Create the myrap Virtual AP... 4 Edit the myrap Virtual AP... 4 Create the RAP AP Group... 5 Configure the Controller VPN for RAP Access... 6 Assign a RAP Address Pool... 6 Add the RAP MAC address to the Whitelist... 7 MUST READ - BACKGROUND! This configuration example is based on two previous examples posted: For the Beginner Configuring an 802.1X WLAN with the Controller GUI For the Beginner - RAP Installation-Basic It is recommended you read and understand the above two examples as well as have your version of the configurations installed on your controller. VLAN s and IP address in the examples may have changed but the overall process is still valid to follow.

Create an internal network netdestination The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP addresses the client can connect to. These are the network destinations you want the RAP to forward via the RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful Firewall > Destinations). In this example the internal networks (netdestination myinternal) are the 172.16.0.0, 192.168.2.0 and 192.168.100.0. Create the RAP User Policy Configuration > Access Control > Policies Use the netdestination alias of the internal network accordingly in the RAP user policy. Note the last rule is source NAT (src-nat). This policy states that if the destination does not match the myinternal rule the traffic will NOT be forwarded to the controller through the VPN connection but src-nat from the RAP to the local subnet.

Create the RAP User Role Configuration > Access Control > User Roles Configure a RAP user role and add the RAPUser-pol policy to it. This is the role the user will be assigned when logging into the RAP wifi and authenticated by the AAA policy (next step). Create a new RAP AAA server Configuration > Authentication > AAA Profiles Create a new RAP AAA Profile and ensure you select in the 802.1X Authenticated default role the RAPUser-rol role created earlier. When authenticated with this AAA profile the user will be placed in the RAPUser-rol Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate location 802.1X profile (in this example myemployee-1x )

Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username and password will be authenticated against. Select the already existing corporate location server (in this example myemployee-serv ) Create the myrap Virtual AP Configuration > Advanced Services > All Profiles Add a new virtual AP for the myrap group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP profile) Edit the myrap Virtual AP Click on and open the new myrap-vir virtual profile Set the VLAN the RAP User will be placed in, and received DHCP from, and set the Forwarding Mode to split-tunnel

Continue setting up the myrap-vir the AAA Profile Expand the section AAA Profile and use the pull down to select the previously created new RAP AAA Profile Continue setting up the myrap-vir the SSID profile Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner Configuring an 802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile. Create the RAP AP Group Setup a new AP Group for the RAP s (if not already completed) Configuration > Wireless > AP Configuration > New Add the new AP Group Name (in this example myrap ) Click Add to finish and Save Configuration

Expand the Wireless LAN section Click on the Virtual AP Use the pull down to select the myrap-vir created earlier in this example. Configure the Controller VPN for RAP Access These steps have been included in the example For the Beginner - RAP Installation-Basic as well here, if already completed do not duplicate. Go to Configuration > Advanced Services > VPN Services Ensure L2TP is enabled Assign a RAP Address Pool This is the inner IP address used between the controller and RAP for the IPSec tunnel (recommended this is NOT an existing IP address space in the network) After clicking DONE on the IPSEC > Add Address Pool page ensure you APPLY the changes at the bottom of the VPN Services page

Add the RAP MAC address to the Whitelist Go to Configuration > Wireless > AP Installation Select the Whitelist tab and select Entries Then elect Remote AP and add the NEW entry Enter the MAC address of the RAP and additional data related to the user and assign to the RAP AP Group Click Add when completed Save Configuration CLI checks and Troubleshooting is included in the original For the Beginner - RAP Installation-Basic document

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information