06-24-2010 03:23 AM
Is it possible to configure a site-to-site VPN tunnel from an Aruba controller to another vendor's firewall, so that Aruba would route "interesting" traffic from a certain subnet to another subnet through the tunnel? What I've been trying to do is make a VPN tunnel from a 3200 Controller with 5.0.10 firmware to a Watchguard x750e. I get through phase 1, but phase 2 fails with the following error from the firewall:
2010-06-24 13:14:40 iked Peer x.x.x.x phase 2 negotiation failed because there is no matching IPSec proposal
Aruba's user interface isn't so clear about VPN configuration. Where do I do phase 2 configuration in the Aruba UI?
06-24-2010 04:19 AM
Matching all those parameters should get you past Phase 2 of the conversation.
Any type of VPN is not simple, and site-to-site VPNs between different manufacturers are even more complicated. Vendors routinely call the same things by different names, but the key is to have your parameters matched on both sides. Due to this complexity, you may want to contact Watchguard to ensure that side of the site-to-site VPN agrees with the Aruba side.
Aruba Customer Engineering
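The parameter matching described in the reply above, as an added example that is not part of the original post and is not Aruba or Watchguard tooling: it compares two peers' phase 2 settings and lists the fields that differ. The field names and sample values are constructed for illustration and have to be filled in by hand from each device's configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Phase2:
    """One peer's phase 2 settings. Field names are constructed for this
    example; map each vendor's own terms onto them."""
    encryption: str            # e.g. "aes-256"
    integrity: str             # e.g. "sha1"
    pfs_group: Optional[int]   # DH group used for PFS, None when PFS is off
    lifetime_s: int            # SA lifetime in seconds
    local_net: str             # subnet behind this peer
    remote_net: str            # subnet behind the other peer

def _norm(name: str) -> str:
    # Vendors spell the same algorithm differently ("AES-256", "aes256").
    return name.lower().replace("-", "").replace("_", "")

def compare(a: Phase2, b: Phase2):
    """Return (errors, warnings); errors are fields treated as required to match."""
    errors, warnings = [], []
    for field in ("encryption", "integrity"):
        if _norm(getattr(a, field)) != _norm(getattr(b, field)):
            errors.append(field)
    if a.pfs_group != b.pfs_group:
        errors.append("pfs_group")
    # Traffic selectors must mirror: A's local subnet is B's remote subnet.
    if ip_network(a.local_net, strict=False) != ip_network(b.remote_net, strict=False):
        errors.append("a.local_net/b.remote_net")
    if ip_network(a.remote_net, strict=False) != ip_network(b.local_net, strict=False):
        errors.append("a.remote_net/b.local_net")
    # Lifetime handling differs between implementations, so only warn.
    if a.lifetime_s != b.lifetime_s:
        warnings.append("lifetime_s")
    return errors, warnings

# Constructed sample values, not taken from the thread.
SIDE_A = Phase2("aes-256", "sha1", 2, 28800, "10.1.0.0/16", "10.2.0.0/16")
SIDE_B = Phase2("AES256", "SHA1", None, 3600, "10.2.0.0/16", "10.1.0.0/24")

if __name__ == "__main__":
    errs, warns = compare(SIDE_A, SIDE_B)
    for e in errs:
        print("MISMATCH:", e)
    for w in warns:
        print("warning: ", w)
```
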
06-24-2010 05:04 AM
In my experience standard IPSec is pretty easy even between different vendors, as long as you run decent hardware. Most of the problems I've had are because of crappy hardware that does something other than what it should.
And thanks for the help; being able to connect VPN to firewalls gives me interesting options to use Aruba in different installations.