Hi Zak,
Thanks for responding. I did make some progress actually and finally have a working setup now. Maybe it was the fact that I did not have port-forwarding on to UDP port 4500. Regardless of that, the biggest challenge is finding up-to-date documentation. The link below helped me.
https://www.arubanetworks.com/techdocs/VSG/docs/080-sd-branch-deploy/esp-sd-branch-deploy-100-L3-Microbranch/
With regard to your questions:
I am new to the term "configuration set", have not heard that term before. My 9004 is in a VPNC group and I did configure Uplinks for both the 9004 at the device level, and the microbranch.
With regard to the topology, I did not specifically recall configuring it as a global parameter, but I do see the microbranch is configured as hub-spoke.
Two things currently make the whole experience challenging:
- The rapid changes in Aruba Central and the resulting journey of finding the most current documentation.
- Not being able to rely on Aruba Central to push the configuration to the device. I configured static routes on the VPNC and they just would not push to the device. I had to remove the device from the group (put it in the default), and move it back. Then, as if by a miracle, the static routes appeared. It is these kinds of things that make you doubt yourself.
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------
Original Message:
Sent: Mar 26, 2024 06:08 PM
From: 802.zak
Subject: Microbranch how to AOS 10 (behind NAT routers)
On the AP Group Configuration:
Do you have the "Data Center" configuration set? This includes the Hub Group assignment.
Do you have the "WAN Uplink" configuration set?
On the Global Overlay Configuration:
Do you have your "Topology" set?
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Mar 25, 2024 05:51 PM
From: mvanoverbeek
Subject: Microbranch how to AOS 10 (behind NAT routers)
As part of a PoC I am trying to configure a Microbranch to a VPNC. I tried to follow the AOS 8 Microbranch from scratch videos, but it is kind of hard at one point because the GUI in the videos differs from what I see in Aruba Central.
HW used:
Gateway: 9004
AP: 345
SW: AOS 10 (latest version)
I suspect I am overlooking something, but it looks like there is just no attempt made to establish an IPsec tunnel. I hope some people can help; I still find troubleshooting a little hard in Aruba as I am not as familiar with troubleshooting it as I am with some other vendors.
What is working:
- Both devices are online
- System IP configured
- SSID online on microbranch
- Shared DHCP pool is allocating /29 networks for Microbranch
Here are some screenshots of the environment:
I checked my firewall but was unable to see any IKE traffic passing by, as if the device is not even attempting to establish an IPsec tunnel.
Both Microbranch and Gateway are behind NAT, but I did do a port forwarding in the firewall for UDP 500 towards the Gateway IP.
Anyone have some suggestions, tips? I am kind of lost at the moment :(
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------