Controllerless Networks

Occasional Contributor II

IPSec VPN from RAP-109 to Controller 3600



we want to connect a RAP-109 over the internet to a mobility controller 3600 with ipsec VPN. The configuration in the RAP is very simple, but we are not about sure about the configuration in the 3600 controller.


At this time we have an ipsec connect between our two 3600 controllers and don't want to impact the business.


Any ideas how to config the controllers without disturbing the controller ipsec tunnel?

Guru Elite

Re: IPSec VPN from RAP-109 to Controller 3600

The RAP VRD provides step-by-step for setting up and provisioning remote APs.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480

Re: IPSec VPN from RAP-109 to Controller 3600

You need to do a couple of things:


- Create an "address pools" for the RAP to get an internal controller IP address

- Add the wired mac address of the RAP in the RAP whitelist


- You need to create an AP-Group that has the public IP address that the RAP will use to reach the controller (Make sure that you allow UDP/4500 for that IP address on your firewall for incoming traffic coming from the internet)

You need add the public IP address in the provisioning profile (Master IP)


- If your RAP109 is up and running you should see the "instant" SSID connect to it, open your browser and type "" , then go to the Maintenance tab >Convert and use the following option and type the public IP address that the controller should be reached from the remote location 

2015-01-08 08_56_08-Instant.png

Thank you

Victor Fabian
Lead Mobility Architect @WEI
Search Airheads
Showing results for 
Search instead for 
Did you mean: