Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN

This thread has been viewed 0 times

  • 1.  Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN

    Posted Jul 04, 2015 09:09 PM

    Hello All,

     

    I am looking at Page 399 of ArubaOS 7.4 user guide and examples are only showing a single subnet. If there are multiple subnets which cannot be summarized into a supernet, do we need to create multiple ipsec-maps listing each separate src-net going over to each non-summarizable dst-net etc.?

     

    Further, if I need to have L3GRE on top of IPsec (for ospf), do I need to have multiple tunnel interfaces, one per subnet to be carried thru, or can I have one tunnel interface using management RVI address as source-ip going over to controller loopback for destination-ip?

     

    The documentation in this regard is poor. Any help will be much appreciated.

     

    Thanks

     

     



  • 2.  RE: Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN
    Best Answer

    Posted Jul 11, 2015 04:32 PM

    I was able to resolve it few days ago. As i had expected, only one IPsec tunnel and one L3 GRE tunnel was needed to funnel all the subnets at the branch. I used a summerized supernet as src-net in IPsec crypto map.