Wired Intelligent Edge (Campus Switching and Routing)

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
Occasional Contributor II

Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN

Hello All,

 

I am looking at Page 399 of ArubaOS 7.4 user guide and examples are only showing a single subnet. If there are multiple subnets which cannot be summarized into a supernet, do we need to create multiple ipsec-maps listing each separate src-net going over to each non-summarizable dst-net etc.?

 

Further, if I need to have L3GRE on top of IPsec (for ospf), do I need to have multiple tunnel interfaces, one per subnet to be carried thru, or can I have one tunnel interface using management RVI address as source-ip going over to controller loopback for destination-ip?

 

The documentation in this regard is poor. Any help will be much appreciated.

 

Thanks

 

 


Accepted Solutions
Highlighted
Occasional Contributor II

Re: Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN

I was able to resolve it few days ago. As i had expected, only one IPsec tunnel and one L3 GRE tunnel was needed to funnel all the subnets at the branch. I used a summerized supernet as src-net in IPsec crypto map.  

 

 

View solution in original post


All Replies
Highlighted
Occasional Contributor II

Re: Multi Subnet Branch MAS to Corporate HQ Controller Site to Site VPN

I was able to resolve it few days ago. As i had expected, only one IPsec tunnel and one L3 GRE tunnel was needed to funnel all the subnets at the branch. I used a summerized supernet as src-net in IPsec crypto map.  

 

 

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: