03-29-2014 10:43 AM
I would like to preface my message by saying I am largely ignorant. Feel free to correct me on everything, I have come here to make a fool of myself so I can correct my misconceptions.
I have two Arubas separated by the Internet. They can ping each other. On either side of each Aruba is a separate private network. Let's call them the Office and Customer networks. Deeper in the customer network, beyond one router, is a private network I want the Office private network to be able to communicate with. Let's call that the Target network.
I was sent to the site with the goal of joining that Target network to the Office VLAN using the site-to-site VPN service, such that they exist in the same IP addressing space. I think that's impossible. I think the best we can do is have the Aruba at the customer site act as a router and leave the addressing intact and distinct. We'd then set up firewall rules to ensure we only route to and from our Office. We would thus not use the site-to-site service at all.
Am I correct that having the Target network and the Office network in the same addressing space (like, 10.128.10.0/24) via VPN is impossible with this architecture? If all I want is for the two networks to be able to communicate with each other, am I correct in that I just want the Aruba to be a router?
I appreciate any help.
03-29-2014 11:08 AM
The only chance you would have is to put a GRE tunnel inside the IPsec tunnel and then use "tunnel vlan x" to bridge the two VLANs. You would probably have to reduce the tunnel MTU to 1100 so that traffic can pass successfully.
Aruba Customer Engineering
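The reply above recommends lowering the tunnel MTU to roughly 1100 without showing where that number comes from. The following is an added worked example, not part of the original thread and not Aruba code: it adds up the encapsulation overhead of bridging an Ethernet frame over GRE, with the GRE packet carried inside an IPsec ESP tunnel-mode SA, and finds the largest inner MTU that still fits a 1500-byte WAN path without fragmenting the outer packets. The cipher suites, the assumption that the site-to-site SA is ESP in tunnel mode, and the assumption that "inner MTU" means the IP-layer MTU of the bridged hosts are all assumptions of this example, not facts from the thread.

```python
"""GRE-over-IPsec MTU budget for a bridged (L2) VLAN.

Added example for the forum reply above; all constants are standard
header sizes, the cipher suites are assumptions (not Aruba defaults).
"""
from dataclasses import dataclass

IP_HDR = 20        # IPv4 header without options
GRE_HDR = 4        # RFC 2784 GRE header, no key/sequence fields
ETH_HDR = 14       # Ethernet header of the bridged frame inside GRE
DOT1Q = 4          # 802.1Q tag, if the bridged frame is tagged
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header (inside the encrypted region)
UDP_HDR = 8        # only present with NAT-T (ESP in UDP/4500)


@dataclass(frozen=True)
class EspSuite:
    """Per-packet ESP overhead of a cipher/integrity combination."""
    name: str
    iv: int      # explicit IV bytes after the ESP header
    block: int   # alignment of the encrypted region (cipher block size)
    icv: int     # integrity check value appended after the trailer


# Assumed suites for illustration; check what the SA actually negotiated.
AES_CBC_SHA1 = EspSuite("aes128-cbc / hmac-sha1-96", iv=16, block=16, icv=12)
AES_GCM_128 = EspSuite("aes128-gcm (RFC 4106)", iv=8, block=4, icv=16)


def outer_size(inner_mtu, suite=AES_CBC_SHA1, tagged=False, nat_t=False):
    """Bytes on the WAN for one bridged IP packet of size inner_mtu.

    Inner layout (encrypted by ESP):
        GRE transport IP header + GRE + Ethernet [+ 802.1Q] + IP packet
    ESP pads that region plus the 2-byte trailer up to the cipher block,
    then adds the outer IP header, optional NAT-T UDP, ESP header, IV, ICV.
    """
    inner = IP_HDR + GRE_HDR + ETH_HDR + (DOT1Q if tagged else 0) + inner_mtu
    encrypted = inner + ESP_TRAILER
    encrypted += (-encrypted) % suite.block          # ESP padding
    return (IP_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR
            + suite.iv + encrypted + suite.icv)


def max_inner_mtu(path_mtu=1500, **kwargs):
    """Largest inner MTU whose encapsulated packet still fits path_mtu."""
    for mtu in range(path_mtu, 0, -1):
        if outer_size(mtu, **kwargs) <= path_mtu:
            return mtu
    raise ValueError("path MTU too small for any payload")


def headroom(inner_mtu, path_mtu=1500, **kwargs):
    """Spare bytes (negative means the outer packet will fragment)."""
    return path_mtu - outer_size(inner_mtu, **kwargs)


if __name__ == "__main__":
    print(f"host default 1500 -> outer {outer_size(1500)} bytes "
          f"(headroom {headroom(1500)}): fragments on a 1500-byte WAN")
    print(f"tunnel MTU 1100  -> outer {outer_size(1100)} bytes "
          f"(headroom {headroom(1100)})")
    for label, kw in [("untagged, AES-CBC/SHA1", {}),
                      ("802.1Q tagged", {"tagged": True}),
                      ("behind NAT (NAT-T)", {"nat_t": True}),
                      ("AES-GCM-128", {"suite": AES_GCM_128})]:
        print(f"max inner MTU, {label}: {max_inner_mtu(1500, **kw)}")
```

With the assumed AES-CBC/HMAC-SHA1 suite the ceiling for an untagged bridged frame is 1400 bytes, so a 1500-byte host MTU overshoots by about 100 bytes and every full-size packet is fragmented at the IPsec layer; 1100 leaves a few hundred bytes of margin for tags, NAT-T, PPPoE or a smaller WAN path MTU, which is why a conservative value like the one suggested above tends to "just work". Confirm the real budget on the link with a don't-fragment ping across the bridged VLAN before settling on a number.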