Controllerless Networks

Hi there,

I would like to use IAPs for a customer with many branches. I plan to use a small controller at the central site as VPN concentrator for the IAPs for central outbreak guest access.

To choose the right controller I need to know if  every IAP in an IAP group opens his own IPSEC Tunnel or is only the master opening one per IAP grp.

Which license is needed on the central controller that is only doing vpn termination. In my opinion just one PEFNG should be enough to enable VPN.

regards

Oliver

The VC of an IAP group will create a single IPSec tunnel to the controller.

With AOS 6.2 running on the controller there are no licenses specifically needed.  The VPN concentrator function is part of the Base OS.  There was a bug, however, in the 6.1 Technology Release, and PEFV was a workaround.

Is it only possible to set-up an IPSec tunnel to an Aruba controller from IAP or is it possible to any IPSec capable node?

I have tried to create an IPSEC tunnel to a firewall, but without success. I can not set any pre-shared keys and I do not understand how to use and load certificates in order to create IPSEC tunnels to a FW.

The manual does not show any details unfortunately.

Any suggestions?

It is not true that IAP can create IPSec to the firewall. You can do Instant VPN only between Instant VC and Aruba Controller, however in 6.2.1.0-3.4 there is a support for L2TPv3. 

Regards,