03-08-2013 12:02 AM
The situation is that I have a controller in my network and IAPs are outside by my customers. So I need to use VPN to connect IAP to the controller as an end point.
What do I need to configure (on the controller) to use the guest self-registration for this customers ? Is it possible ?
03-08-2013 12:19 AM
You can create VPN tunnel from IAP to Controller with 6.2 OS version. You may find detailed configuration guide in the User Guides. Once the VPN is UP and running you can configure the IAP to use external captive portal that is CP Guest in this case.
03-11-2013 04:22 AM
Yes, to terminate the Instant VPN you need to use 6.2 OS version on the controller.
If you choose GRE tunnel then the packets are sent and received without encryption, while with IPSec the packets are encrypted.
03-11-2013 09:34 AM
You can find it on the support.arubanetworks.com site (look for Early Deployment subfolder in the ArubaOS folder). You should read the release notes before upgrading. If the controller is in production environment then you may contact your local Aruba SE to ask about this.
03-13-2013 01:22 AM - edited 03-13-2013 01:24 AM
I am back to you because I don’t understand everything.
What I need is : IAP opens a VPN tunnel to the controller so I can access the ClearPass server with the IAP which is outside my network (I do this because I can’t open ports in my customer’s router). The IAP has a fixed IP (determine by my customer network) and users get IP by the router.
So on the IAP VPN :
- Primary host : IP of my controller
- Destination : IP of my internal network
- Gateway : IP of my controller
- Here is the point that I don't know how to configure.
Sorry, I am really new in networks so I need some helps to go on the right way.
03-13-2013 02:23 AM
It depends on how you want to use it. The User Guide details each option.
For example one way is to use centralize L2 access. In this case you need to do the following:
- create a VLAN on the controller
- assign an IP address to this VLAN interface
- configure a dhcp pool for this VLAN
- on the IAP you assign this VLAN to the SSID and choose centralized L2 access with this VLAN ID on the VPN configuartion screen.
With this configuration your client associates to the IAP and get the IP address from the controller. You may need to use src-nat on the controller side - it depends on your network.
Hope it helps, let me know if it works or not.