Hello Everyone,
I am trying to configure IAP with anchor controllers in the DMZ to tunnel guest traffic out to the internet.
For our network we have two SSIDs: a corporate SSID, which is bridged locally from the IAP to the upstream VLAN, and a Guest network, which utilizes a Centralized, L2 VPN tunnel back to the controllers in the DMZ.
We have two DMZs for redundancy, and if the VPN fails to DMZ1, the IAPs switch their VPN over to DMZ2 controllers. DMZ2 has a different VLAN for the guest users, and a different subnet.
In the IAP VPN configuration there is an option 'Reconnect Users on Failover'. When this option is enabled, the IAP will bring down its SSIDs on failover. The issue is that this brings down all of the SSIDs. The corporate SSIDs, which do not utilize the VPN tunnel for anything, are also brought offline.
I have tested disabling the 'Reconnect Users on Failover' option and the corporate network works fine with this. However, in this case guests lose access until they re-associate, since the IP lease they have is no longer valid.
So, is there any way to limit which SSIDs are affected by this option? I have submitted a feature request: https://arubanetworkskb.secure.force.com/prm/ideas/viewIdea.apexp?id=08740000000LHdu
Pending that being approved and implemented, does anyone have any workaround for this?
_ELiasz