Remote Networking

Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

L2TP IPSec Address Pool

Hi All,
I am starting to set up a small controller as a VPN solution, and I am going through the documentation and it says about setting up an address pool. Does the IP range need to be valid for the network, or is a pool just for the clients and the controller will NAT them onto the network?

Also setting up VIA, so any pointers would be useful.

Thanks in advance.


Luke
Guru Elite
Posts: 21,479
Registered: ‎03-29-2007

Re: L2TP IPSec Address Pool

There is a whole chapter on "Virtual Private Networks" in the ArubaOS user guide, for whatever version you are using, that explains your questions:

- Clients that do not have routable addresses in your networks need to be source natted:

That means your default VPN role would need a firewall policy like this, source natting the traffic to a pool you created:

ip access-list session srcnat
 user any any src-nat pool <pool-name> position 1


There is a whole chapter on VIA, called "Virtual Internet Access", that details how to set up VIA in the user guide, with step-by-step instructions.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

Re: L2TP IPSec Address Pool

Hi Mate,
Thanks for the quick reply. I have got the guides and read through them; they still don't address the issue with the pool. I have another controller that has random non-routable pools for RAP2s.

They seem to work fine, but do RAP2s work differently from the client VPN?
Guru Elite
Posts: 21,479
Registered: ‎03-29-2007

Re: L2TP IPSec Address Pool

The RAPs do not need to be routable, because at minimum, they need to contact the controller.

Users who connect via VPN either need to have routable addresses, or the Default-VPN-role that they are placed in needs to have a source-nat pool reference that I mentioned in the post before.

Does that make sense?


Colin Joseph
Aruba Customer Engineering
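
As an added example (not part of the thread and not Aruba's own tooling), the routable-versus-source-NAT decision described in the answer above can be checked before a VPN pool is configured. All prefixes and pool ranges are constructed, and `assess_pool` and its arguments are hypothetical names.

```python
import ipaddress

def pool_networks(start, end):
    """Collapse an inclusive start-end pool range into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))

def assess_pool(start, end, routed_to_controller, other_internal):
    """Classify a VPN client address pool.

    routed_to_controller: prefixes the internal routers forward to the
        controller (assumption: taken from your own routing table).
    other_internal: prefixes already in use elsewhere on the network.
    """
    blocks = pool_networks(start, end)
    routed = [ipaddress.ip_network(p) for p in routed_to_controller]
    others = [ipaddress.ip_network(p) for p in other_internal]

    # A block is routable only if some routed prefix fully contains it;
    # a partially covered block is treated as unrouted (conservative).
    unrouted = [b for b in blocks
                if not any(b.subnet_of(r) for r in routed)]
    # Pool addresses that collide with subnets used elsewhere are a
    # configuration error whether or not source NAT is applied.
    conflicts = sorted({str(o) for b in blocks for o in others
                        if b.overlaps(o)})
    return {
        "needs_src_nat": bool(unrouted),
        "unrouted_blocks": [str(b) for b in unrouted],
        "conflicts": conflicts,
    }

if __name__ == "__main__":
    # Constructed sample data, not values from the thread.
    routed = ["10.20.0.0/16"]
    in_use = ["192.168.1.0/24"]
    samples = [("10.99.0.10", "10.99.0.50"),        # arbitrary, not routed
               ("10.20.5.1", "10.20.5.254"),        # inside a routed prefix
               ("192.168.1.200", "192.168.1.220")]  # overlaps a live subnet
    for start, end in samples:
        print(start, end, assess_pool(start, end, routed, in_use))
```

A pool reported with `needs_src_nat` set is the case where the VPN role needs the source-NAT policy from the answer; a non-empty `conflicts` list means the pool range should be changed.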


Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

Re: L2TP IPSec Address Pool

Yeah that makes sense, I think I was getting confused with the RAP2 stuff.

Cheers mate.