Wireless Access

Reply
Contributor I
Posts: 64
Registered: ‎06-07-2014

Backup tunnel in IAP VPN..

Hi,

 

I have a DC site a DR site and branch offices with IAP's. One of my location is connected to DC via IAP VPN. Is it possibe that when IAP VPN link between brach office and DC goes down, automatically it should form a Backup link to DR site. Can we form two VPN links as active and standby in IAP VPN secnario. If yes, then will this switch be statefull, i.e. without drop in clients existing session. please help with config.

 

Please help.

MVP
Posts: 69
Registered: ‎04-02-2013

Re: Backup tunnel in IAP VPN..

Hi,

 

yes you can do it.

 

Under VPN configuration on the IAP you can configurte the primary and secondary VPN. You will need to add the default route to the primary DC and another default route to the DR data center. Be careful with the order, the route to the primary DC must be above the other one.

 

Hope this helps.

Regards

Borja

Regards,
Borja
ACMX #567 //ACCP//CWNA
Contributor I
Posts: 64
Registered: ‎06-07-2014

Re: Backup tunnel in IAP VPN..

Hi Borja,

 

thanks for your reply, 

 

Will this be statefull transition from one link to another, requirement is that user ongoing session should not get affected!

Aruba Employee
Posts: 20
Registered: ‎01-24-2013

Re: Backup tunnel in IAP VPN..

HI Mohan,

 

There will be some some negligible packet loos during the transition. hope user will not experience any significant performance issue.

 

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Backup tunnel in IAP VPN..

HI Mohan,

 

There will be some some negligible packet loos during the transition. hope user will not experience any significant performance issue.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Backup tunnel in IAP VPN..


mohan007 wrote:

Hi Borja,

 

thanks for your reply, 

 

Will this be statefull transition from one link to another, requirement is that user ongoing session should not get affected!


There is potential for significant loss of traffic or loss of sessions, depending on your network design.  For it to even possibly be stateful, the second location would somehow need to be able to place the users on the same layer 2 vlan that they were in initially.  If the second location does not have the same layer 2 vlan, most likely the user will obtain a different ip address and all sessions would be reset.

 

The only way to attempt to give users the same ip addresses that they had when failover occurs to two different location is to run OSPF between two controllers.  Even in that situation, the first controller would have to fail or the network would have to be down for the routes to be propagated to the second controller.  If a single access point lost contact with the controller and failed over, the routes would not be there and the user would not be able to pass traffic.

 

Please do not plan on stateful failover.  It is quite possible that you are a better candidate for remote AP.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: