How can we send Central traffic outside the IAP-VPN tunnel?

Q:

How can we send Central traffic outside the IAP-VPN tunnel?



A:

Beginning with 8.3, traffic destined for Aruba Central can be sent outside the VPN tunnel when IAP-VPN is in use.

  • Customers would like to send all user-generated traffic through the VPN tunnel to their data center, while traffic to Activate/Central is sent outside the tunnel, directly over the internet.
  • Before 8.3.0.0, if the default route is the VPN tunnel, IAP traffic to Activate/Central follows the global route setting and goes through the tunnel.
  • In 8.3.0.0, if the default route is the VPN tunnel, IAP traffic to Activate/Central is routed via the IAP’s local gateway.

The feature is enabled automatically when the IAP default route is set to the tunnel.

To manage traffic sent to Activate/Central, the IAP introduces a cloud domain list.

During its connection with Central, the IAP adds the following domains and IP addresses to the cloud domain list:

  1. The Activate domain “device.arubanetworks.com”, by default.
  2. The Central domain that it receives from Activate.
  3. The websocket address redirected by Central.
  4. Additional domains/IPs pushed from Central (e.g. cloud guest).

Example:

IAP# show ap debug cloud-domain-list

Cloud Domain List
-----------------
cloud-domain
------------
device.arubanetworks.com    ------>>>> Activate domain
34.213.76.57                ------>>>> Central websocket IP address
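
Since 8.3.0.0 routes this traffic via the IAP's local gateway, the list above names the destinations that leave the site directly. The Python sketch below is an added example, not part of the original article or of Aruba's tooling: it parses the command output and reports entries that an egress allow-list does not cover. The allow-list values, the function names and the premise that the local internet path filters egress are assumptions.

```python
import ipaddress

# Constructed sample: the output shown above, without the article's arrows.
SAMPLE = """\
IAP# show ap debug cloud-domain-list

Cloud Domain List
-----------------
cloud-domain
------------
device.arubanetworks.com
34.213.76.57
"""

def parse_cloud_domain_list(text):
    """Return (domains, ips) listed under the 'cloud-domain' column."""
    domains, ips, in_table = [], [], False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        token = fields[0]  # first column only; trailing annotations are ignored
        if not in_table:
            in_table = token == "cloud-domain"  # column header starts the table
            continue
        if set(token) == {"-"}:  # separator row under the header
            continue
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            domains.append(token.lower())
    return domains, ips

def uncovered(text, allowed_suffixes, allowed_networks):
    """Entries that the (hypothetical) egress allow-list does not cover."""
    domains, ips = parse_cloud_domain_list(text)
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    missing = [d for d in domains
               if not any(d == s or d.endswith("." + s) for s in allowed_suffixes)]
    missing += [str(ip) for ip in ips if not any(ip in n for n in nets)]
    return missing

if __name__ == "__main__":
    # Assumed allow-list: the Activate domain suffix only, no IP ranges.
    print(uncovered(SAMPLE, ["arubanetworks.com"], []))
```
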

This article applies to version 8.3 and later.

Version history
Revision #: 2 of 2
Last update: 05-16-2018 04:22 AM