
VPN Capabilities with Aruba RAP devices

  • 1.  VPN Capabilities with Aruba RAP devices

    Posted May 04, 2021 12:12 PM
    Hi Everyone,

    I have a question concerning Aruba RAP devices. I understand they're devices that synchronize with your Mobility controller via VPN IPsec tunnels in order to gain connectivity into a company's network.

    My question is, does an Aruba RAP device support advanced VPN technologies to support DMVPN, or GRE tunnels over IPsec in order to enable dynamic routing protocols? The reason for this is that we plan on deploying over 5,000 devices for remote users and I want to be able to achieve seamless deployment by supporting DMVPN and the ability for the client device to perform failover within their IPsec tunnels.

    We understand that failover can occur from one Mobility controller to another at the datacenter. But in this scenario, let's say routing breaks within the client ISP? We would like a solution to have the Client/RAP use another backup source to keep its IPsec tunnels up to connect to a mobility controller at our backup location.


  • 2.  RE: VPN Capabilities with Aruba RAP devices

    Posted May 06, 2021 08:30 AM
    Hi,

    There is no DMVPN on MC.

    For backup source, you can use DNS entries.

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: VPN Capabilities with Aruba RAP devices

    Posted May 07, 2021 04:50 AM
    RAPs are meant for remote workers and not for connecting remote sites. If you need more advanced features like dynamic routing and routing into multiple active DCs you should look into SD-Branch with 9004 gateways.

    Not sure about MM (Mobility Conductor nowadays...) but with Central managed "RAPs" (IAPs) you can connect to primary + backup VPN controller and the VPN tunnel is active to both sites. All the traffic goes via the first site but if you have a failure with first VPNC, traffic moves to secondary VPN tunnel instantly. You can have something like /29 behind the IAP and route that in your network, so you can do fail over to another DC easily.