07-04-2015 06:08 PM
I am looking at Page 399 of ArubaOS 7.4 user guide and examples are only showing a single subnet. If there are multiple subnets which cannot be summarized into a supernet, do we need to create multiple ipsec-maps listing each separate src-net going over to each non-summarizable dst-net etc.?
Further, if I need to have L3GRE on top of IPsec (for ospf), do I need to have multiple tunnel interfaces, one per subnet to be carried thru, or can I have one tunnel interface using management RVI address as source-ip going over to controller loopback for destination-ip?
The documentation in this regard is poor. Any help will be much appreciated.
Solved! Go to Solution.
07-11-2015 01:31 PM
I was able to resolve it few days ago. As i had expected, only one IPsec tunnel and one L3 GRE tunnel was needed to funnel all the subnets at the branch. I used a summerized supernet as src-net in IPsec crypto map.