Configuring site to site VPN in MAS

Aruba Employee

Environment: General site-to-site endpoint setup

To configure a site-to-site VPN with a static IP Mobility Access Switch device and static IP Mobility Controller using IKEv1, issue the following commands:

crypto-local ipsec-map <name> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip <ipaddr>

interface [loopback <loopback-number>|vlan <vlan-id>]

version v1

pre-connect enable|disable

For certificate authentication:

set ca-certificate <cacert-name>

set server-certificate <cert-name>

crypto isakmp policy <priority>

encryption {3des|aes128|aes192|aes256|des}

version v1

authentication rsa-sig

group {1|2}

hash {md5|sha|sha1-96}

lifetime <seconds>

For preshared key authentication:

crypto-local isakmp key <key> address <ipaddr> netmask <mask>

crypto isakmp policy <priority>

encryption {3des|aes128|aes192|aes256|des}

version v1

authentication pre-share

group {1|2}

hash {md5|sha|sha1-96}

lifetime <seconds>

To configure a site-to-site VPN with a static Mobility Access Switch and a dynamically addressed Mobility Controller that initiates IKE Aggressive-mode for site-to-site VPN:

crypto-local ipsec-map <name> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip <ipaddr>

local-fqdn <local_id_fqdn>

interface [loopback <loopback-number>|vlan <vlan-id>]

pre-connect [enable|disable]

For the Pre-shared-key:

crypto-local isakmp key <key> address <ipaddr> netmask 255.255.255.255

For a static IP Mobility Controller that responds to IKE Aggressive-mode for Site-Site VPN:

crypto-local ipsec-map <name2> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip 0.0.0.0

peer-fqdn fqdn-id <peer_id_fqdn>

vlan <id>

For the Pre-shared-key:

crypto-local isakmp key <key> fqdn <fqdn-id>

For a static IP Mobility Access Switch that responds to IKE Aggressive-mode for Site-Site VPN with One PSK for All FQDNs:

crypto-local ipsec-map <name2> <priority>

src-net <ipaddr> <mask>

peer-ip 0.0.0.0

peer-fqdn any-fqdn

vlan <id>

For the Pre-shared-key for All FQDNs:

crypto-local isakmp key <key> fqdn-any
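
An added example, not Aruba's code: a small Python check that reads a configuration written in the syntax above and flags the weakest of the listed ISAKMP policy options (des, md5, group 1) and the single pre-shared key for all FQDNs. The sample configuration, map name and key are constructed, and the weak-option list is general cryptographic guidance, not taken from this article.

```python
# Weak choices among the options the page lists (general crypto guidance, not Aruba's).
WEAK = {
    ("encryption", "des"): "single DES has a 56-bit key; prefer aes256",
    ("hash", "md5"): "MD5 is deprecated; prefer sha",
    ("group", "1"): "group 1 is 768-bit MODP; prefer group 2, the larger one listed",
}

# Constructed sample in the page's syntax; every name, address and key is made up.
SAMPLE = """\
crypto-local ipsec-map site-b 10
  src-net 10.1.0.0 255.255.0.0
  peer-ip 0.0.0.0
  peer-fqdn any-fqdn
  vlan 20
crypto-local isakmp key EXAMPLE-ONLY fqdn-any
crypto isakmp policy 20
  encryption des
  authentication pre-share
  group 1
  hash md5
crypto isakmp policy 30
  encryption aes256
  authentication rsa-sig
  group 2
  hash sha
"""

def audit(config):
    """Return (line_number, section, message) for each weak setting found."""
    findings, section = [], None
    for num, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        if words[0].startswith("crypto"):
            # Top-level command: name the block, never including the key itself.
            keep = 4 if words[1:3] == ["isakmp", "policy"] else 3
            section = " ".join(words[:keep])
            if words[:3] == ["crypto-local", "isakmp", "key"] and words[-1] == "fqdn-any":
                findings.append((num, section, "one pre-shared key is shared by all peer FQDNs"))
            continue
        reason = WEAK.get(tuple(words[:2]))
        if reason and section and section.startswith("crypto isakmp policy"):
            findings.append((num, section, reason))
    return findings

if __name__ == "__main__":
    for num, section, message in audit(SAMPLE):
        print(f"line {num} [{section}]: {message}")
```
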

Version history
Revision #: 1 of 1
Last update: 11-04-2014 04:00 PM