Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

IPSec over Mesh

Hi,

 

I have an Aruba Controller (SW: 6.1.2.7) and I have to build up a Mesh. This mesh is secured by WPA. My problem is that the customer does not trust WPA.

 

Is there a solution to encapsulate the WPA traffic into an IPSec tunnel? I've read about double encryption, but this is only a feature for RAPs.

 

Regards,

Marco

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: IPSec over Mesh

Please note that Aruba OS MESH links are encrypted by WPA-2, not WPA. A big difference... although neither is in danger of being practically breached at this point in time.

 

Keep in mind that the WPA-2 we use on mesh links utilizes AES encryption (circa 1990's) which is ~20 years newer than the typical encryption type used by VPN clients (3DES... circa 1970's). A.k.a. one is actually much 'safer' when using AES... a.k.a. the Mesh link encryption than a VPN client if one takes a step back to consider the underlying technologies in use.

 

Hope that helps... ?


JF 

Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Re: IPSec over Mesh

Hi,

 

Thanks for your answer. Yes, WPA2 is secure, I believe that :-)

 

But the customer wants to have an IPSec tunnel in the WPA2 tunnel because he doesn't trust WPA2.

 

Is there a possibility?

 

The solution should be

 

RAP ------> MESH-Point --------------------------------> Meshportal ---------->LAN------------> Aruba

 

In this sample the RAP will make an IPSec tunnel to the Controller. It uses the Mesh-Bridge so that there is IPSec encapsulated in WPA2.

 

Is this solution possible without the RAP (with only 2 APs)?

 

Regards,

Marco

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: IPSec over Mesh


mawe wrote:

Hi,

 

Thanks for your answer. Yes, WPA2 is secure, I believe that :-)

 

But the customer wants to have an IPSec tunnel in the WPA2 tunnel because he doesn't trust WPA2.

 

Is there a possibility?

 

The solution should be

 

RAP ------> MESH-Point --------------------------------> Meshportal ---------->LAN------------> Aruba

 

In this sample the RAP will make an IPSec tunnel to the Controller. It uses the Mesh-Bridge so that there is IPSec encapsulated in WPA2.

 

Is this solution possible without the RAP (with only 2 APs)?

 

Regards,

Marco


Marco, is this a wireless or wired client that will be connecting to the mesh point?

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Re: IPSec over Mesh

Hi,

 

There will be a switch which is connected to the Mesh-Point via LAN. The Mesh-Point is a single-radio AP, so there will be no wireless connectivity for clients.

 

The problem is that the customer doesn't want to use VPN clients :-/

 

All things should be done by the Controller.

 

 
