Controllerless Networks

Reply
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

VPN + ClearPass Guest

Hi,

 

The situation is that I have a controller in my network and IAPs are outside by my customers. So I need to use VPN to connect IAP to the controller as an end point.

 

What do I need to configure (on the controller) to use the guest self-registration for this customers ? Is it possible ?


Thanks

 

Dimitri

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VPN + ClearPass Guest

You can create VPN tunnel from IAP to Controller with 6.2 OS version. You may find detailed configuration guide in the User Guides. Once the VPN is UP and running you can configure the IAP to use external captive portal that is CP Guest in this case.

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: VPN + ClearPass Guest

Ok thanks.

 

So if I configure the captive portal with IP on the IAP, it will use it and not the portal of the controller ? Right ?

 

Dimitri

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VPN + ClearPass Guest

If you use the IP of the CP Guest then it will use that one.

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: VPN + ClearPass Guest

Ok thanks.

 

Now my controller version is 6.1.3.6. Do I need to upgrade to 6.2 ?

 

What is the difference between IPSec and GRE ? What's the best to use ?

 

Thanks

 

Dimitri

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VPN + ClearPass Guest

Yes, to terminate the Instant VPN you need to use 6.2 OS version on the controller.

If you choose GRE tunnel then the packets are sent and received without encryption, while with IPSec the packets are encrypted.

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: VPN + ClearPass Guest

Can I simply upgrade my version ? Where can I find the 6.2 ?

 

Thanks

 

Dimitri

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VPN + ClearPass Guest

You can find it on the support.arubanetworks.com site (look for Early Deployment subfolder in the ArubaOS folder). You should read the release notes before upgrading. If the controller is in production environment then you may contact your local Aruba SE to ask about this.

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: VPN + ClearPass Guest

[ Edited ]

I am back to you because I don’t understand everything.

 

What I need is : IAP opens a VPN tunnel to the controller so I can access the ClearPass server with the IAP which is outside my network (I do this because I can’t open ports in my customer’s router). The IAP has a fixed IP (determine by my customer network) and users get IP by the router.

 

So on the IAP VPN :

 

Controller

 

  • Primary host : IP of my controller

 

Routing

 

  • Destination : IP of my internal network
  • Gateway : IP of my controller

 

DHCP Server

 

  • Here is the point that I don't know how to configure.

 

Sorry, I am really new in networks so I need some helps to go on the right way.

 

Thanks

 

Dimitri

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VPN + ClearPass Guest

It depends on how you want to use it. The User Guide details each option.

For example one way is to use centralize L2 access. In this case you need to do the following:

  • create a VLAN on the controller
  • assign an IP address to this VLAN interface
  • configure a dhcp pool for this VLAN
  • on the IAP you assign this VLAN to the SSID and choose centralized L2 access with this VLAN ID on the VPN configuartion screen.

With this configuration your client associates to the IAP and get the IP address from the controller. You may need to use src-nat on the controller side - it depends on your network.

 

Hope it helps, let me know if it works or not.

Search Airheads
Showing results for 
Search instead for 
Did you mean: