Controllerless Networks

Reply
Occasional Contributor II

IAP-VPN routing issues

Hi all, I have a simple question.

In my scenario I have an IAP cluster + VC. The VC sets up an IPSec VPN with a centralized Controller. My customer needs two WLANs: one "local", say "Customer-Local" (PSK) and the other "L2 Centralized", say "Customer-Centralized" (802.1X). He wants clients associated to the "Customer-Local" to stay local (no NAT, dhcp locally provided, ecc...) and clients associated to "Customer-Centralized" completly managed by central resources (dhcp and default-gateway centrally provided). My question is about the correct way to configure Routing tab under VPN menu of the IAP. To provide clients associated to "Customer-Centralized" WLAN with a centralized default-gateway i filled with a 0.0.0.0/0 -> a.b.c.d (say a.b.c.d is the physical address of the controller where VPN in terminated to). The issues i find is that as soon as i enter this configuration the VC immediatly loose connectivity with AirWave and RADIUS. It seems like routing entry 0.0.0.0/0 does not apply only to wireless clients (as I would expect) but to IAP routing table too.

What am i missing? Is this correct? Is there a way to overcome to this issue?

Thanks in advance.

f.r.

 

Re: IAP-VPN routing issues

Do you see 443 destination traffic to the Airwave IP on the controller in the show datapath session table output?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: