I am working on migrating RAPs to an IAP-VPN model. I'm testing a single RAP-155 and trying to terminate it on the same controller as the RAPs. I used the IAP VRD to configure IAP-VPN and did the following:
- Whitelisted IAP in controller.
- Configured IAP with Aruba GRE to primary data center controller.
- Configured IAP with default route to controller's (internal) IP.
- Configured IAP with centralized L2 scope. I specified a VLAN that RAP clients already use.
- Configured IAP with PSK SSID and specified the centralized L2 scope.
When I connect the client to the SSID, the client doesn't obtain an IP address. I configured a static IP as well, but still no network connectivity.
I verified that the IAP has an IPSec connection to the controller (show crypto ipsec sa & show crypto isakmp sa). I am able to connect to the GUI of the IAP from the inside of our network. I see the client connected in the IAP GUI.
I also tried setting up a distributed L3 scope and it doesn't work. If I issue 'show datapath session' I'm unable to see any traffic to/from the IAP's address.
Any thoughts on what might be keeping the clients from working?