Wireless Access

Aruba Employee

Re: ipsec between aruba controllers

Hi Pete,

 

You can set up a VPN tunnel between the controllers first, and within that tunnel you can create an L2 GRE tunnel to transport the VLAN between the sites.

 

Jonas

Frequent Contributor II

Re: ipsec between aruba controllers

Thanks Jonas for getting back to me.

I guess this is something I can try in our lab.

Is it a setup you have tried?

Aruba Employee

Re: ipsec between aruba controllers

Pete,

 

Yes, I have tried it and used it in production deployments too.

 

/Jonas

Frequent Contributor II

Re: ipsec between aruba controllers

Thanks Jonas,

Do you have a config doc for this?

 

Aruba Employee

Re: ipsec between aruba controllers

Hi Pete,

 

We do have a solution for this in Aruba Solution Exchange.

 

https://ase.arubanetworks.com/solutions/id/116

 

This will help you create the config and also have it documented :)

 

/Jonas

Frequent Contributor II

Re: ipsec between aruba controllers

This certainly looks like what I need.

Can I just clarify: in the configuration notes below it says to set up the GRE tunnel with the same Source/Destination networks as IPSEC.

Is this right?

 

CONFIGURATION NOTES

Site-to-site IPSEC vpn is configured with source/destination networks on the private Vlans. L2 GRE is configured with the same Source/Destination networks as IPSEC. 

At headquarter, Controller also has private/public Vlans. Guest users in a private vlan. Guest Vlan is extended to Guest anchor controller through L2 GRE.

At Datacenter/DMZ, guest anchor controller has both private/public Vlans.

Aruba Employee

Re: ipsec between aruba controllers

Yes, you should build the L2 GRE tunnel between the inner IPs of the IPSEC, so in that case it is correct. So you should not, for example, set the source/destination networks for the GRE as the network tunneled over. The controller doesn't care. Depending on what you are trying to achieve, you then redirect traffic into that tunnel based on role or similar. I think it was a role config for redirecting traffic into the tunnel in the solution.

 

/Jonas
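
The check below is an added example, not part of the thread or of the Aruba solution: it validates a planned design against the advice above, that the L2 GRE endpoints are inner addresses of the IPsec source/destination networks and not the public peers or the VLAN carried over the tunnel. The dictionary layout, the function name and every address are assumptions constructed for illustration.

```python
# Added example (not from the thread or from Aruba). Assumes a site-to-site
# IPsec map that encrypts by source/destination network, as in the quoted
# configuration notes. All addresses below are constructed samples.
from ipaddress import ip_address, ip_network


def check_gre_inside_ipsec(ipsec, gre, tunneled_vlan):
    """Return a list of findings; an empty list means both GRE endpoints
    sit on the inner (protected) networks of the IPsec map."""
    findings = []
    src, dst = ip_address(gre["source"]), ip_address(gre["destination"])
    src_net, dst_net = ip_network(ipsec["src_net"]), ip_network(ipsec["dst_net"])
    vlan_net = ip_network(tunneled_vlan)

    # GRE packets are only protected when both endpoints match the IPsec
    # source/destination networks (the "inner IPs" in the thread).
    if src not in src_net:
        findings.append(f"GRE source {src} is outside IPsec source network {src_net}")
    if dst not in dst_net:
        findings.append(f"GRE destination {dst} is outside IPsec destination network {dst_net}")

    peers = {ip_address(ipsec["local_peer"]), ip_address(ipsec["remote_peer"])}
    for name, addr in (("source", src), ("destination", dst)):
        # An endpoint equal to a public peer means GRE runs beside the tunnel.
        if addr in peers:
            findings.append(f"GRE {name} {addr} is a public IPsec peer address")
        # The VLAN carried over GRE must not double as the GRE endpoint network.
        if addr in vlan_net:
            findings.append(f"GRE {name} {addr} is inside the tunneled VLAN {vlan_net}")
    return findings


# Constructed sample design: public peers for IPsec, private VLANs as selectors.
IPSEC = {"local_peer": "203.0.113.10", "remote_peer": "198.51.100.20",
         "src_net": "10.1.10.0/24", "dst_net": "10.2.10.0/24"}
GOOD_GRE = {"source": "10.1.10.2", "destination": "10.2.10.2"}
BAD_GRE = {"source": "10.1.10.2", "destination": "198.51.100.20"}
GUEST_VLAN = "192.168.50.0/24"

if __name__ == "__main__":
    for label, gre in (("good", GOOD_GRE), ("bad", BAD_GRE)):
        print(label, check_gre_inside_ipsec(IPSEC, gre, GUEST_VLAN) or "OK")
```
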

 

 

 

 

Frequent Contributor II

Re: ipsec between aruba controllers

Thanks Jonas,

Here's my thinking:

Site-to-site between controllers with the public IP addresses of the headquarters and DMZ as the destination IP.

GRE tunnel between the controller private IP addresses.

How does this sound?

pete

Frequent Contributor II

Re: ipsec between aruba controllers

Jonas,

Tried out that solution, works just fine. Thanks for your help.

Cheers

pete

 

MVP

Re: ipsec between aruba controllers

Please accept the best post(s) as the solution then please. Helps those that come after :)

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.