Wireless Access

Reply
Frequent Contributor II
Posts: 158
Registered: ‎12-06-2010

VIA VPN to Multiple Controllers Based on Destination Subnet

We haven't implemented VIA yet, so I'd like to confirm whether or not this configuration is possible or not. We have a user that will be using an iPad and would like the ability to VPN back to multiple locations to control local resources at those locations. There is an App running on the iPad that needs to connect to each destination via VPN. It is the same App connecting to multiple destinations. If each location had it's own 600-series controller with a static public IP at each location, could VIA determine, based on destination network, which controller to VPN to? if so, would this be done transparent to the user?

 

In addition, we would like VIA to operate in split-tunnel so that all non-defined traffic just goes out the iPad's WIFI or 3G internet connection. Hopefully that makes sense. I know that VIA can do split-tunnel to a single VPN destination, my main concern is whether it can use multiple VPN destinations based on the destination subnet.

 

Example:

Destination 1: 192.168.1.0 /24   <---VPN----< VIA ----< iPad

Destination 2: 172.16.10.2 /24   <---VPN----< VIA ----< iPad

Destination 3: 192.168.50.0 /24   <---VPN----< VIA ----< iPad

 

Network Engineer | Airhead | Titus 3:5
Aruba Employee
Posts: 117
Registered: ‎09-21-2010

Re: VIA VPN to Multiple Controllers Based on Destination Subnet

[ Edited ]

VIA can't simultaneously form multiple connections to multiple controllers. VIA forms an IPsec to only one controller at any given time. A user can manually select which controller he wants to connect  but VIA won't start forming IPsec connections to multiple controllers based on the destination.

 

However, since you have a 600 at each site with static IP you can connect VIA to one location and form IPsec tunnels between other controllers. So, VIA will connect to controller X and the Controller X will forward traffic to other controllers based on the destination (this might increase the bandwidth a little at controller X location). You can also load balance , where a set on users will connect to controller X by default and the another set of users connect to controller Y and the rest to controller Z and so on. This way not all users terminate at one controller at all the time. VIA also supports split-tunneling.

 

Regards,

Sathya

Frequent Contributor II
Posts: 158
Registered: ‎12-06-2010

Re: VIA VPN to Multiple Controllers Based on Destination Subnet

Thanks, Sathya. That does help, but let me clarify our situation a little more. The iPad will NOT need to form multiple IPSEC tunnels simultaneously...only one at a time.

 

Example: iPad needs to access resources at Destination A. VIA builds IPSEC tunnel automatically to Controller A. Then, iPad needs to access resources at Destination C. VIA builds new IPSEC tunnel to Controller C, thus disconnecting the original tunnel. Is that possible?

Network Engineer | Airhead | Titus 3:5
Aruba Employee
Posts: 117
Registered: ‎09-21-2010

Re: VIA VPN to Multiple Controllers Based on Destination Subnet

No, that is not possible today.

 

Regards,

Sathya

Frequent Contributor II
Posts: 158
Registered: ‎12-06-2010

Re: VIA VPN to Multiple Controllers Based on Destination Subnet

Thanks, Sathya. I think the tunnels between controllers is the best way to go.

Network Engineer | Airhead | Titus 3:5
Search Airheads
Showing results for 
Search instead for 
Did you mean: