The setup must be running ArubaOS 8.0.1 or above.
Starting from ArubaOS 8.0.1, Mobility Master supports the IKEv2 configuration (CFG_SET) payload for VIA clients.
When this feature is enabled, managed devices can accept a CFG_SET message with the INTERNAL_IP4_SUBNET attribute type. When a managed device receives this message, which consists of an IP address and netmask, it adds an entry to the datapath route table that points to the VIA’s inner IP address as the next hop. The datapath route-cache for the VIA’s inner IP will point to the tunnel endpoint associated with the VIA.
Note: This feature is disabled by default.
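The attribute described above, as an added example (not Aruba code and not part of the original article): a Python parser for the INTERNAL_IP4_SUBNET attributes in a decoded CFG_SET payload body, with a review step that flags announced subnets an administrator may not want to accept from a client. The attribute numbering follows RFC 7296; the sample payload, the inner IP 172.16.0.10, the protected prefix and the verdict policy are assumptions of this example.

```python
import ipaddress
import struct

CFG_SET = 3               # CFG Type, RFC 7296 section 3.15
INTERNAL_IP4_SUBNET = 13  # value: 4-octet address followed by 4-octet netmask

def parse_cfg_subnets(body):
    """IPv4 networks in a CFG_SET payload body (generic payload header already stripped)."""
    if len(body) < 4 or body[0] != CFG_SET:
        raise ValueError("not a CFG_SET payload")
    nets, off = [], 4                        # skip CFG Type + 3 reserved octets
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute value")
        off += 4 + alen
        if atype & 0x7FFF != INTERNAL_IP4_SUBNET:   # top bit is reserved
            continue
        if alen != 8:
            raise ValueError("INTERNAL_IP4_SUBNET must be 8 octets")
        addr, mask = struct.unpack("!II", value)
        host_bits = ~mask & 0xFFFFFFFF
        if host_bits & (host_bits + 1):      # netmask must be contiguous ones then zeros
            raise ValueError("non-contiguous netmask")
        nets.append(ipaddress.ip_network((addr & mask, 32 - host_bits.bit_length())))
    return nets

def review_routes(body, inner_ip, protected):
    """(subnet, next hop, verdict) per announced subnet; the policy is this example's assumption."""
    rows = []
    for net in parse_cfg_subnets(body):
        if net.prefixlen == 0:
            verdict = "reject: default route"
        elif any(net.overlaps(p) for p in protected):
            verdict = "reject: overlaps protected prefix"
        else:
            verdict = "ok"
        rows.append((str(net), inner_ip, verdict))
    return rows

# Constructed sample: CFG_SET announcing 192.168.50.0/24 and 10.0.0.0/8
SAMPLE = bytes([CFG_SET, 0, 0, 0]) + b"".join(
    struct.pack("!HH4s4s", INTERNAL_IP4_SUBNET, 8, bytes(a), bytes(m))
    for a, m in [((192, 168, 50, 0), (255, 255, 255, 0)), ((10, 0, 0, 0), (255, 0, 0, 0))])
```

Calling `review_routes(SAMPLE, "172.16.0.10", [ipaddress.ip_network("10.0.0.0/8")])` returns one row per announced subnet, with the VIA inner IP as the next hop and the second subnet flagged because it overlaps the protected prefix.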
The following limitations are applicable to the CFG_SET support feature for Mobility Master:
This feature supports IPv4 only.
This feature is applicable only with IKEv2.
To enable the feature:
(ArubaMM)[mynode] (config) #crypto-local isakmp allow-via-subnet-routes
To disable the feature:
(ArubaMM)[mynode] (config) #no crypto-local isakmp allow-via-subnet-routes
At the moment, this option is available only from the CLI and not from the WebUI.
When the feature is disabled:
(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes
Controller will not accept subnet routes from via client
(ArubaMM) [mynode] #
When the feature is enabled:
(ArubaMM) [mynode] #show crypto-local isakmp allow-via-subnet-routes
Controller will accept subnet routes from via client
(ArubaMM) [mynode] #