05-13-2014 09:14 AM - last edited on 05-13-2014 06:28 PM by
I am currently working on IAP and VPN tunnel to a mobility controller.
Currently I'm not sure how to get a "Distributed, L3" DHCP scope running so that it would route into the VPN tunnel.
It works well when I follow the tutorials from here using "Distributed, L2".
So, when I turn on a Distributed L3 Scope, my local client gets an IP address from the VC, but no traffic is being passed through the tunnel. When I change the scope back to Distributed, L2, everything works as expected.
Do I need to change anyting in my VPN settings when I want to use Distributed L3 scopes?
Thanks in advance!
Solved! Go to Solution.
05-13-2014 12:05 PM
You may need to also specify and configure the routing profile as well.
On Distributed L3 mode, The virtual controller acts as both the DHCP server and default gateway.
Corporate traffic (traffic matching routing profile) from clients is routed through the VPN tunnel. All other traffic is src-nat’ed on VC.
ip dhcp l3-dhcp server-type
Distributed,L3 server-vlan 30
ip-range 10.30.0.0 10.30.255.255 dns-server 10.1.1.50,10.1.1.30 domain-name testdomain.com
routing profile config
VPN primary IP is configured. This IP address is the Public IP address of the IAP.
vpn primary <public IP of controller>
Routing profile is defined to tunnel all traffic through IPSec tunnel
routing-profile route 0.0.0.0 0.0.0.0 <public IP of controller>
Let me know if that helps.
Re: IAP VPN and Distributed L3 Scope
05-14-2014 04:29 AM
Thanks, Sriram, I have it working now :smileyhappy:
I did not pay attention to the fact that the VPN traffic is fully routed when usng Distributed,L3 (always expected that it would be source-nat'ed) - so when I created a backward route for the IAP network in my corporate network pointing to the controller it all worked fine.