I've tried to do this once before, but didn't work at the time. I have to set the VPN host to be the physical address of the controller and in the event of a failure we need to manually change the address in the Instant config. This is not ideal for a large distributed enterprise.
Unfortunately I don't have a chance to test again.
Yes...this should work. HOWEVER, in the routing table config for VPN on the IAP, you MUST define the physical interfaces for that detination subnet.
Consider an organization with 2 datacenters: DC1 and DC2: Each datacenter has a pair of VRRP based redundant controllers.
excellent, that's great to know. Thanks Seth.
What about on the controller end for the GRE tunnel? Can it terminate on the VC address, or does it still need to be the IAP address?
for a GRE? I didn't think it needs an inner ip for that.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.