I'm able to set up an IPsec IKEv2 VPN between a 7050 and Azure VPN Gateway. The VPN works well as expected. However, I have multiple subnets on the controller side that I need to reach the Azure remote networks. How do I do that? I've searched high and low and could not find any information whatsoever. All the documentation I see only gives a one-subnet example. Is this just not supported on Aruba controllers?
Here is my current config. I need to add another source network of 192.168.16.0/24.
crypto-local ipsec-map VpnToAzure 100
  version v2
  set ikev2-policy 50
  peer-ip x.x.x.x
  vlan 4094
  src-net 172.30.16.0 255.255.255.0
  dst-net 172.18.0.0 255.255.0.0
  set transform-set "default-aes"
  set security-association lifetime seconds 86400
  set security-association lifetime kilobytes 1000000000
  pre-connect enable
  factory-cert-auth disable
  trusted enable
  uplink-failover disable
  ip-compression disable
  force-natt disable
!
Will really appreciate your help even if it's just to tell me it's not supported so I can try to find a workaround.
You would add a route in your infrastructure pointing to the controller as the next hop for the subnet in your Azure infrastructure. Your Azure infrastructure would also need a route pointing back to the controller to reach the subnets on the other side. This is if I understand your question.
Thanks for the response but I think you misunderstood. There are 2 subnets on the controller side of the VPN. How do I add the second subnet in the crypto map? Adding a second "src-net" command only replaces the first.
You can only add a single subnet in the crypto map. Unless you can summarize both subnets and advertise them together, you will need some sort of route on the Azure side to point to the second subnet.
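The summarization option from the last reply, checked against the two source networks in this thread, as an added example that is not part of the original posts. It computes the smallest single network that could go in one `src-net` line and how many addresses beyond the real subnets that selector would cover; the adjacent pair 192.168.16.0/24 and 192.168.17.0/24 is a constructed contrast case, and the function names are hypothetical.

```python
import ipaddress

def smallest_supernet(networks):
    """Smallest single IPv4 network containing every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit must be a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def summary_cost(networks):
    """Report the summary network and how much extra space it would pull in."""
    nets = [ipaddress.ip_network(n) for n in networks]
    # Collapse first so overlapping or duplicate inputs are not counted twice.
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    supernet = smallest_supernet(networks)
    return {
        "supernet": str(supernet),
        "mask": str(supernet.netmask),   # dotted mask, the form src-net takes
        "needed": needed,
        "extra": supernet.num_addresses - needed,
    }

# Source networks from the thread (existing src-net plus the one to be added).
THREAD_NETS = ["172.30.16.0/24", "192.168.16.0/24"]
# Constructed contrast case: two adjacent /24s that summarize cleanly.
ADJACENT_NETS = ["192.168.16.0/24", "192.168.17.0/24"]

if __name__ == "__main__":
    for label, nets in (("thread", THREAD_NETS), ("adjacent", ADJACENT_NETS)):
        r = summary_cost(nets)
        print(f"{label}: {r['supernet']} mask {r['mask']} "
              f"needed={r['needed']} extra={r['extra']}")
```

For the thread's subnets the only common summary is 128.0.0.0/1, a selector covering half of the IPv4 space, so summarizing them into one map entry is not a workable way to keep the tunnel scoped to the two subnets.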