Jose C,
Even if we do not have any licenses installed in Aruba Controllers you can still configure the VPN tunnel between IAP and Controller becuase to form the VPN tunnel below are the only three requirements:
1. Create address local pool on controller for inner IP.
(Aruba)(config)# ip local pool <pool-name> <start-ipaddr> <end-ipaddr>
2. Add Mac address of the IAP to the RAP whitelist.
- Navigate to Configuration > AP Installation (under Wireless) > then click Whitelist > Remote AP > Entries "on right side" > Click New >
- IAP MAC Address: Enter the MAC address of the AP.
- AP Group: Select a group to add the AP. Select Default AP group. This option do not push the configuration to IAP
- Click the Add button to add the remote AP to the whitelist
3. Make sure that the role assigned in the “aaa authentication vpn default-iap” has all required access list entries to allow the IAP.
NOTE: only availble after 6.2 and above.
However if you don't have any liceses not even "PEFV" then you can't modify rules i.e. "default-iap" which has defualt role "default-vpn-role" and which has default allow-all rule configured.
(Aruba) #show rights default-vpn-role
Derived Role = 'default-vpn-role'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 70/0
Max Sessions = 65535
VIA Connection Profile = test
access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 allowall session
2 v6-allowall session
allowall
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any any permit Low 4
v6-allowall
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
Expired Policies (due to time constraints) = 0