MVP
Posts: 765
Registered: ‎03-25-2009

master local through own VPN?


Anyone care to shed some light on this?

What would be the best way to set up the following?

master-local-throughvpn.png

 

I was trying to get the master (A3400) and local (A620) connected through a VPN set up between the 2 controllers themselves, but the master-local ipsec-map replaces my destination net in the VPN config as they overlap.

Is there an easy way to accomplish what I'm trying to do or do I have to set up the 620 as a master on its own?

 

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba
Posts: 233
Registered: ‎11-19-2009

Re: master local through own VPN?


Two key points for site-site VPN with one static and one dynamically addressed controller configuration:

1. To support site-site VPN with dynamically addressed devices, we must enable IKE Aggressive-Mode with Authentication based on a Pre-Shared-Key.

2. The Aruba controller with a dynamic IP address must be configured to be the initiator of IKE Aggressive-mode for Site-Site VPN, while the controller with a static IP address must be configured as the responder of IKE Aggressive-mode.

So in this case, since the 3400 controller has the static public IP, it should be configured as the responder, and the other end, the A620, should be configured as the initiator.

 

Hope this helps.

 

Thanks

MVP
Posts: 765
Registered: ‎03-25-2009

Re: master local through own VPN?

Hi Sriram,

 

The VPN is working fine. My problem is pulling the master-local through it.

Since my destination net and the controller IP overlap, my ipsec-map gets replaced and my VPN fails.

Setting up both controllers as standalone and having the clients communicate through their VPN works fine.

So the question really is not how to set up a dynamic-static VPN but rather how to get master-local through a VPN set up by the Aruba VPN devices themselves.

Koen (ACMX #351 | ACDX #547 | ACCP)

Aruba
Posts: 233
Registered: ‎11-19-2009

Re: master local through own VPN?

Hmm. I see.

 

Since the site-site VPN is already up and running, master-local may not come up, as there would be an overlap of one more IPsec tunnel on the existing tunnel with the same src-net and des-net.

 

Thanks!
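An added example, not code from this thread or from Aruba: a pre-change check that flags pairs of IPsec maps whose src-net and dst-net selectors overlap, which is the condition discussed above. The map names and all addresses are constructed placeholders, and the check assumes every map is written from the same controller's point of view.

```python
import ipaddress
from itertools import combinations

# Constructed sample maps (placeholder names and addresses, not from the thread).
# A master-local tunnel is modelled here as a host-to-host selector between the
# two controller IPs, which fall inside the site-to-site networks.
MAPS = [
    {"name": "site-to-site", "src": "10.1.0.0/16", "dst": "10.2.0.0/16"},
    {"name": "master-local", "src": "10.1.0.10/32", "dst": "10.2.0.10/32"},
    {"name": "guest-dmz", "src": "172.16.5.0/24", "dst": "192.0.2.0/24"},
]


def relation(a, b):
    """Relate network a to b: 'same', 'contains', 'within', or None if disjoint."""
    if a.version != b.version:
        return None  # IPv4 and IPv6 selectors can never overlap
    if a == b:
        return "same"
    if b.subnet_of(a):
        return "contains"
    if a.subnet_of(b):
        return "within"
    return None  # CIDR blocks either nest or are disjoint


def selector_conflicts(maps):
    """Return (map1, map2, src_relation, dst_relation) for each overlapping pair.

    Two maps compete for the same traffic only when BOTH the source and the
    destination selectors overlap.
    """
    parsed = [
        (m["name"], ipaddress.ip_network(m["src"]), ipaddress.ip_network(m["dst"]))
        for m in maps
    ]
    conflicts = []
    for (n1, s1, d1), (n2, s2, d2) in combinations(parsed, 2):
        src_rel, dst_rel = relation(s1, s2), relation(d1, d2)
        if src_rel and dst_rel:
            conflicts.append((n1, n2, src_rel, dst_rel))
    return conflicts


if __name__ == "__main__":
    for n1, n2, src_rel, dst_rel in selector_conflicts(MAPS):
        print(f"{n1} vs {n2}: src {src_rel}, dst {dst_rel}")
```
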

MVP
Posts: 765
Registered: ‎03-25-2009

Re: master local through own VPN?

Nope, master-local ipsec wipes out my user created vpn.

Guess I'll mark this as not feasible for now.

Koen (ACMX #351 | ACDX #547 | ACCP)
