Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Urgent - IPSec VPN multiple source Networks

Jump to Best Answer
  • 1.  Urgent - IPSec VPN multiple source Networks

    Posted 12 days ago

    Hello All,

     

    I'm able to setup an IPSEC IKEv2 VPN between a 7050 and Azure VPN Gateway. The vpn works well as expected. However, I have multiple subnets on the controller side that I need to reach the Azure remote networks. How do I do that? I've searched high and low and could not find information whatsoever. All the documentation I see only give a one subnet example. Is this just not supported on Aruba controllers?

     

    Here is my current config. I need to add another source network of 192.168.16.0/24.

     

    crypto-local ipsec-map VpnToAzure 100
    version v2
    set ikev2-policy 50
    peer-ip x.x.x.x
    vlan 4094
    src-net 172.30.16.0 255.255.255.0
    dst-net 172.18.0.0 255.255.0.0
    set transform-set "default-aes"
    set security-association lifetime seconds 86400
    set security-association lifetime kilobytes 1000000000
    pre-connect enable
    factory-cert-auth disable
    trusted enable
    uplink-failover disable
    ip-compression disable
    force-natt disable
    !

     

    Will really appreciate your help even if it's just to tell me it's not supported so I can try to find a workaround.

     

    Thanks



  • 2.  RE: Urgent - IPSec VPN multiple source Networks

    Posted 11 days ago

    You would add a route in your infrastructure pointing to the controller as the next hop for the subnet in your Azure infrastructure.  Your Azure infrastructure would also need a route pointing back to the controller to reach the subnets on the other side.  This is if I understand your question.



  • 3.  RE: Urgent - IPSec VPN multiple source Networks

    Posted 11 days ago

    Thanks for the response but I think you misunderstood. There are 2 subnets on the controller side of the vpn. How do I add the second subnet in the crypto map? Adding a second "src-net" command only replaces the first.



  • 4.  RE: Urgent - IPSec VPN multiple source Networks
    Best Answer

    Posted 11 days ago

    You can only add a single subnet in the crypto map.  Unless you can summarize both subnets and advertise them together, you will need some sort of route on the Azure side to point to the second subnet.