07-13-2015 02:39 AM
I have a DC site, a DR site, and branch offices with IAPs. One of my locations is connected to the DC via IAP VPN. Is it possible that when the IAP VPN link between the branch office and the DC goes down, it automatically forms a backup link to the DR site? Can we form two VPN links as active and standby in an IAP VPN scenario? If yes, will this switch be stateful, i.e. without a drop in clients' existing sessions? Please help with config.
07-13-2015 03:13 AM
Yes, you can do it.
Under VPN configuration on the IAP you can configure the primary and secondary VPN. You will need to add the default route to the primary DC and another default route to the DR data center. Be careful with the order: the route to the primary DC must be above the other one.
Hope this helps.
ACMX #567 //ACCP//CWNA
07-13-2015 04:48 AM
There will be some negligible packet loss during the transition. Hope the user will not experience any significant performance issue.
07-13-2015 05:18 AM
Thanks for your reply.
Will this be a stateful transition from one link to another? The requirement is that users' ongoing sessions should not be affected!
There is potential for significant loss of traffic or loss of sessions, depending on your network design. For it to even possibly be stateful, the second location would somehow need to be able to place the users on the same layer 2 VLAN that they were in initially. If the second location does not have the same layer 2 VLAN, most likely the user will obtain a different IP address and all sessions would be reset.
The only way to attempt to give users the same IP addresses that they had when failover occurs to two different locations is to run OSPF between two controllers. Even in that situation, the first controller would have to fail or the network would have to be down for the routes to be propagated to the second controller. If a single access point lost contact with the controller and failed over, the routes would not be there and the user would not be able to pass traffic.
Please do not plan on stateful failover. It is quite possible that you are a better candidate for remote AP.
Aruba Customer Engineering