Controllerless Networks

New Contributor

IAP VPN on controller without license

Hi all,

could someone help with IAP VPN, please? 

Basically I have IAP terminating VPN on controller and once controller is with AP license and second time without AP license.


1. controller with license:

If I add IAP to to whitelist-db rap I'll se that IAP will get Remote-IP configured over whitelist. This remote-IP is pingable and I am even able to ssh on IAP over VPN tunnel created.


My question is if I am able to reach some other subnets  behind this tunnel on customer side? For example I have client conneted to IAP SSID and this subnet is bridged locally on customer site. Or am I able to reach just remote-ip of IAP?


2. controller without license:

According to my info for IAP <-> Controller VPN termination no licenses are needed (if I take in account that I do not want to change default VPN role or policies inside of the role).

According to my test I see on controller that VPN tunnel has been setup but I am not able to reach anything from DC through this tunnel on customer site. Even not IAP itself. 

So my question is, do I need licenses in case I would like to reach some suctomer subnet behind tunnel?

Can I ssh to IAP?


THX for help

Search Airheads
Showing results for 
Search instead for 
Did you mean: