Cloud Managed Networks

  • 1.  Network routing Aruba Gateway 9004

    Posted Nov 03, 2022 11:32 AM

    Hi all,

    I'm deploying 9004 gateways location-wide within our company as branch gateways. For some services, i.e. telephony and smart locks on some doors, I want to use VPN to connect securely to the servers that host the software. Telephony and the locks are used at several locations and the software is hosted on a server at our headquarters office. So I built a VPN that connects for my needs, but I am struggling with the VPN set-up.
    I want to route more than one local and remote subnet over the VPN but I don't succeed in doing that.

    Does anyone know how to route more than one subnet over the site-to-site VPN?

    Any help will be appreciated!

    Cheers.

    Erik



  • 2.  RE: Network routing Aruba Gateway 9004

    Posted Nov 03, 2022 03:14 PM
    Hi Erik,

    As I understand, you have set up a Site2Site IPsec between two gateways, correct?
    You can create a policy based routing rule to send traffic through the IPsec. I'm not sure if that is the easiest way to do it, but in my cases it works.

    For that you should set the IPsec tunnel to destination "Any" or the subnet, that you want to reach through the tunnel. Then go into Routing > NextHop Config and configure a Nexthop for that IPsec tunnel. Then you can go into Routing > Policy Based Routing and create a rule that defines what traffic should go into that NextHop. So in your case, source any / destination the smart locks subnet. I always put a "any any regular forwarding" at the bottom, but I'm not sure if that is necessary.

    Then you have to bind that routing ACL to the Interfaces or VLANs where you want to apply them.
    If you are using SD-WAN, you can also apply it on the VPNC to SD-WAN Traffic under VPN > SD-WAN Overlay and select the PBR ACL as "Routing ACL".


    I hope that helps.

    ------------------------------
    Thanks,
    Bjarne
    ------------------------------



  • 3.  RE: Network routing Aruba Gateway 9004

    Posted Nov 04, 2022 08:15 AM
    Hi Bjarne,

    Thank you for your answer! Yes, you're correct, it's a Site2Site between two gateways.

    Thanks for your explanation of how you do the routing, I am going to try that!
    Once I've tried I'll let you know if it works for me too.

    Cheers,
    Erik