Controllerless Networks

Occasional Contributor II

Aruba Ipsec tunnel

Hi All,


i'm trying to set up an L2 tunnel between an IAP93 and a 3200XM Mobility controller. i'd like to know what are the steps to follow to configure that, especially on the controller side. Actually, i've configured the whitelist and the inner pool IP but it seems that something is missing.


As far as i understand, an Ipsec tunnel is first established between the IAP and the controller, then an L2TP tunnel is set. I assume that the show crypto isakmp sa and show crypto ipsec sa are the commands to execute in order to see if the ipsec tunnel is well established, i would love to know what are the commands to troubleshoot the L2TP tunnel.


Many thanks guys!!

Guru Elite

Re: Aruba Ipsec tunnel

Take a look here. You can ignore the airwave piece.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Aruba Ipsec tunnel

Are you running iap 4.0+ and AOS 6.4?

If so, please see this note.

From Controller 6.4+ release and IAP 4.0+ release, IAP can form VPN tunnel to controller only if they are
managed by Aruba Central or Airwave; not if they are locally managed.

If one wants IAP pre-4.0 VPN deployments or locally-managed IAPs to form VPN tunnel to an AOS-
6.4+controller, a configuration is explicitly needed to bypass this check. To allow a single branch or all
branches use the following commands

iap trusted-branch-db add mac-address

iap trusted-branch-db allow-all
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
Super Contributor II

Re: Aruba Ipsec tunnel


    I assume that these commands are for the controller. What mac address needs to be used, the VC MAC address?

Search Airheads
Showing results for 
Search instead for 
Did you mean: