SD-WAN

 View Only
last person joined: 5 days ago 

Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practics, and third-party integrations. All things SD-WAN!
Expand all | Collapse all

Virtual Gateway Not working

This thread has been viewed 20 times
  • 1.  Virtual Gateway Not working

    Posted Apr 17, 2024 02:48 PM

    A second attempt to see if anyone can help me set up a Virtual Gateway in Central. I followed this procedure but the VPNC does not work properly. 

    What I want to achieve is see if I can configure a Virtual Gateway in ESXi to act as a VPNC for microbranch locations.  I checked techdocs but can't really find a version comparable to documentation describing what to do for Hardware versions.

    Here are some of the blind spots for me:

    For a hardware gateway I configured access-ports, set VLANs, and disabled spanning-tree. If I try this for a Virtual gateway. I got a warning message, what should I do then?  

    I defined the interface type as WAN and LAN both at Group and Device level, as can be seen below:

    I also defined the uplink (see below)

    Despite this however, all my interfaces at device level are showing up as LAN interfaces. The WAN tab is empty.

    All my interfaces are showing up in the LAN tab

    Included below also the overview tab of the device

    Any idea what I am doing wrong? I think the documentation says I can use a Virtual Gateway as an VPNC?



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------


  • 2.  RE: Virtual Gateway Not working

    Posted Apr 18, 2024 08:41 AM

    Hey Martijn,

    I saw this a bit ago, and was going to write, but got stuck in the endless loop of things to do.  Hopefully I will be able to help.  We had a similar problem when we set our equipment up.  Here are things we found:

    1. Aruba really likes the auto generation of VGWs.  I understand this, it works great and will take care of 95%+ of everything out there.  Unfortunatly it looks like you fit, with us, in to the last 5%.  
    2. VGWs are a bit finicky on setup.  One of the things we found is that the uplinks don't always work when doing them in advanced mode.  Try moving to device level basic mode.   Go to WAN->WAN Details and make the changes there

    3.  Make sure that you are allowing UDP500 and UDP4500 inbound to the VPNC.  There is no PHASE 1 for the gateway as Central authenticates both parties, but you still have the PHASE 2 tunnel creation.

    Start off checking these two things, and let me know how it goes.    




  • 3.  RE: Virtual Gateway Not working

    Posted Apr 19, 2024 12:56 PM

    Hi Zach,

    Thanks for responding. I tried your suggestions but unfortunately thus far have been unsuccessful. I came to the conclusion that this product is not at the maturity level I hope it would be. Whatever I try the WAN interface stays empty. Here are some of the thing I tried:

    • Delete VPNGW
    • Reinstall on ESXi
    • Created a new group and ran the basic setup in Aruba central
    • Added VPNGW to new group and at a device level ran the basic setup
    • I tried it with and without defining VLAN

    None of the scenarios led to a working VPNGW with a WAN interface. 

    What I did notice is that while using the basic setup at least I did not run into error messages

    The advanced setup generated a bunch of error messages.

    I am out of options and will open a TAC case



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------



  • 4.  RE: Virtual Gateway Not working

    Posted Apr 19, 2024 02:17 PM

    Hrrrm, 

    You used the same documentation that we did.  I am not sure what time zone you are in, but if you wanted to do a quick zoom, I could probably carve some time out.  Send me a private message.  

    I have to say once you get it going SD-Branch is a dream.