Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Urgent - IPSec VPN multiple source Networks

  • 1.  Urgent - IPSec VPN multiple source Networks

    Posted Oct 17, 2020 12:32 PM

    Hello All,

     

    I'm able to set up an IPSec IKEv2 VPN between a 7050 and Azure VPN Gateway. The VPN works well as expected. However, I have multiple subnets on the controller side that I need to reach the Azure remote networks. How do I do that? I've searched high and low and could not find any information whatsoever. All the documentation I see only gives a one-subnet example. Is this just not supported on Aruba controllers?

     

    Here is my current config. I need to add another source network of 192.168.16.0/24.

     

    crypto-local ipsec-map VpnToAzure 100
    version v2
    set ikev2-policy 50
    peer-ip x.x.x.x
    vlan 4094
    src-net 172.30.16.0 255.255.255.0
    dst-net 172.18.0.0 255.255.0.0
    set transform-set "default-aes"
    set security-association lifetime seconds 86400
    set security-association lifetime kilobytes 1000000000
    pre-connect enable
    factory-cert-auth disable
    trusted enable
    uplink-failover disable
    ip-compression disable
    force-natt disable
    !

     

    Will really appreciate your help even if it's just to tell me it's not supported so I can try to find a workaround.

     

    Thanks



  • 2.  RE: Urgent - IPSec VPN multiple source Networks

    EMPLOYEE
    Posted Oct 17, 2020 03:00 PM

    You would add a route in your infrastructure pointing to the controller as the next hop for the subnet in your Azure infrastructure.  Your Azure infrastructure would also need a route pointing back to the controller to reach the subnets on the other side.  This is if I understand your question.



  • 3.  RE: Urgent - IPSec VPN multiple source Networks

    Posted Oct 17, 2020 03:31 PM

    Thanks for the response, but I think you misunderstood. There are 2 subnets on the controller side of the VPN. How do I add the second subnet in the crypto map? Adding a second "src-net" command only replaces the first.



  • 4.  RE: Urgent - IPSec VPN multiple source Networks
    Best Answer

    EMPLOYEE
    Posted Oct 17, 2020 06:06 PM

    You can only add a single subnet in the crypto map.  Unless you can summarize both subnets and advertise them together, you will need some sort of route on the Azure side to point to the second subnet.
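
Added example, not part of the original thread: a check of the "summarize both subnets" option from the best answer, using Python's `ipaddress` module to compute the single network a summarized `src-net` would have to be and how far it overreaches. The function names are hypothetical, and the adjacent pair of subnets is constructed for contrast.

```python
import ipaddress


def summarize(subnets):
    """Smallest single IPv4 network that covers every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    low = int(min(n.network_address for n in nets))
    high = int(max(n.broadcast_address for n in nets))
    # Leading bits shared by the lowest and highest address form the prefix.
    prefix = 32 - (low ^ high).bit_length()
    return ipaddress.ip_network((low, prefix), strict=False)


def selector_report(subnets, dst_net):
    """Describe what a summarized src-net would actually select."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = summarize(subnets)
    # Collapse first so overlapping inputs are not counted twice.
    wanted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return {
        "src_net": f"{summary.network_address} {summary.netmask}",
        "prefix": summary.prefixlen,
        "extra_addresses": summary.num_addresses - wanted,
        "overlaps_dst": summary.overlaps(ipaddress.ip_network(dst_net)),
    }


DST = "172.18.0.0/16"  # dst-net from the posted map
THREAD = ["172.30.16.0/24", "192.168.16.0/24"]  # subnets from the thread
ADJACENT = ["172.30.16.0/24", "172.30.17.0/24"]  # constructed contrast case

if __name__ == "__main__":
    for label, subnets in (("thread", THREAD), ("adjacent", ADJACENT)):
        print(label, selector_report(subnets, DST))
```

For the two subnets in this thread the only covering network is 128.0.0.0/1, which takes in about two billion unrelated addresses and overlaps the 172.18.0.0/16 destination itself, so summarizing is not a usable selector here. The constructed adjacent pair collapses cleanly to 172.30.16.0 255.255.254.0 with no extra addresses.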