Controllerless Networks

Reply
Aruba Employee

IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

This is a short design and configuration guide (35 pages) for configuring IPSEC VPN from Aruba Instant APs (IAP) to an Aruba VPN concentrator (VPNC) in DMZ. The main aim here is to show case two of the most common forwarding modes namely Centralised L2 and Distributed L3.

 

We’ll use an SSID in Centralised L2 mode while using an E1 port of an IAP in Distributed L3 mode.

 

The document also demonstrate the new feature with Aruba Instant 8.4.x that provides pre-emption enhancement for IAP-VPN. With this feature IAPs can detect the reachability of a primary VPN over the Ethernet uplink without bringing the 3G/4G link down. Here we’ll use two failover IP addresses one for each of the uplinks. (Ethernet and 3G/4G).

 

You should note that IAP-VPN are completely supported on Aruba SD-Branch solution. So you could have micro branches that require just an IAP or small branches that require a few IAPs but still smaller that branches that require a branch gateways, to create VPN tunnels to the same VPNCs which are used for the Branch Gateways. This becomes a very cost effective solution.

 

Hope you’ll find it useful and as always please send through your feedbacks for its improvement.

MVP Expert

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

How did you know I've got two iAP on my desk waiting for me to find the time to figure out "micro-branch" deployment??!

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Aruba Employee

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

:-)

 

Frequent Contributor II

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

Hi Ariya,

So for Instant example can we have 1x 4G USB connected in a cluster (probably to the preferred VC), and all of the cluster members will be able to use it for their tunnels?

 

Aruba Employee

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

yes you can do that, note that using Aruba IPSEC, the IPSEC tunnels are created from the VC.

Occasional Contributor I

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

Thank you, i followed the guide, working now 

Aruba Employee

Re: IAP-VPN Centralised L2 and Distributed L3 with 3G/4G pre-emption enhancement

Thats great.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: