Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

  • 1.  IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Apr 22, 2019 09:32 PM

    This is a short design and configuration guide (35 pages) for configuring IPSEC VPN from Aruba Instant APs (IAP) to an Aruba VPN concentrator (VPNC) in a DMZ. The main aim here is to showcase two of the most common forwarding modes, namely Centralised L2 and Distributed L3.

    We’ll use an SSID in Centralised L2 mode while using an E1 port of an IAP in Distributed L3 mode.

    The document also demonstrates the new feature in Aruba Instant 8.4.x that provides a pre-emption enhancement for IAP-VPN. With this feature, IAPs can detect the reachability of a primary VPN over the Ethernet uplink without bringing the 3G/4G link down. Here we’ll use two failover IP addresses, one for each of the uplinks (Ethernet and 3G/4G).

    You should note that IAP-VPN is completely supported on the Aruba SD-Branch solution. So you could have micro branches that require just an IAP, or small branches that require a few IAPs but are still smaller than branches that require branch gateways, create VPN tunnels to the same VPNCs that are used for the Branch Gateways. This becomes a very cost-effective solution.

    Hope you’ll find it useful, and as always please send through your feedback for its improvement.

    Attachment(s)

    pdf
    Instant8.4-IAP-VPN-v0.2.pdf   1.44 MB 1 version


  • 2.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    Posted Apr 24, 2019 02:04 PM

    How did you know I've got two IAPs on my desk waiting for me to find the time to figure out "micro-branch" deployment??!



  • 3.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Apr 25, 2019 07:42 AM

    :-)

     



  • 4.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    Posted Apr 26, 2019 12:00 AM

    Hi Ariya,

    So for Instant example can we have 1x 4G USB connected in a cluster (probably to the preferred VC), and all of the cluster members will be able to use it for their tunnels?

     



  • 5.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Apr 26, 2019 01:24 AM

    Yes, you can do that. Note that when using Aruba IPSEC, the IPSEC tunnels are created from the VC.



  • 6.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    Posted Jul 08, 2019 06:37 AM

    Thank you, I followed the guide, working now.



  • 7.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Jul 08, 2019 07:18 AM

    That's great.



  • 8.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Dec 02, 2020 02:43 PM
    Saved my day buddy.
    The "iapvpn-trusted-branch-db allow-all" is missing from Aruba guides.
    I managed to do a PoC with Wi-Fi uplink and cellular as backup.

    ------------------------------
    Matan Tal
    ------------------------------



  • 9.  RE: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

    EMPLOYEE
    Posted Dec 07, 2020 06:21 AM
    That command was introduced after the introduction of IAP VPN to prevent locally managed Instant APs from connecting to a controller and connecting to any VLAN and any role by modifying the local configuration on the AP.

    Can you share with me in a personal reply which guides you used and where you got them from, so I can see if I can have this information added?

    ------------------------------
    Herman Robers
    ------------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------