Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Adding new controller to existing VPN VIA solution

This thread has been viewed 0 times

  • 1.  Adding new controller to existing VPN VIA solution

    Posted Mar 18, 2020 01:33 PM

    We currently have 2 x 7210 controllers sat in our main office supplying a VPN service with VIA. Of course the biggest restriction is the Internet for the site; not the controllers in terms of speed users are getting. 

     

    Looking at utilising a new controller in our other office that has a unused Internet link. Which of the following do you think would be best:

     

    Option A

     

    Take one of the controllers offline from the main office; give it some new IP addresses and routes, then update the external DNS to reflect the new IP address. Feels a little bit cow boyish … it’s going to have to have new public IP and local IPs at least. Just feels like a risky change?

     

    Option B

     

    We have a spare 7210 controller; install this from scratch at our other site; set up as a new controller within this solution and simply add to the profile as another server to use in the existing profiles? My only concern here is forcing everyone to download a new profile?

     

    Thinking of a way to have the same service split across 2 geographically separate sites, but in a safe way where the users barely notice the change.

     

    Luckily (I think), we don’t have these controllers setup in a VRRP type setup; the VIA client see’s them as 2 separate servers. Each controller has its own profile which points to itself and server number 2 is the other controller ... and vice versa - hope that makes sense.

     

    If you suddenly changed / added to this, would everyone be forced to download a new profile? Which option do you think is best / safest / least impactful?



  • 2.  RE: Adding new controller to existing VPN VIA solution

    EMPLOYEE
    Posted Mar 19, 2020 04:49 PM

    Your VIA profiles can reference hostname or IP address. Are you using hostnames only, or mixing hostnames and IP addresses?



  • 3.  RE: Adding new controller to existing VPN VIA solution

    Posted Mar 19, 2020 05:20 PM

    The existing profile uses IP in the profile. 

    I’m ordering some new controllers now to put at our other office. Will build this from scratch ready for a new service. 

    It would be nice just to add these new controllers as a new server in the existing profile. 

    What happens if I simply add a new server to the profile? Will the users automatically get the new profile when connecting? Or do they need to download the profile again?

     

    If it’s a profile download again, can I distribute with GPO instead of them downloading from scratch?



  • 4.  RE: Adding new controller to existing VPN VIA solution
    Best Answer

    EMPLOYEE
    Posted Mar 19, 2020 05:43 PM

    So I agree with the two options as you've spelled it out. With the use of IPs in the profiles, you only have the option to re-use those IPs on new hardware, or download a new profile. If you go the route of downloading new profiles, it may be beneficial to have the new profiles reference hostnames as well, for extra flexibility in the future.



  • 5.  RE: Adding new controller to existing VPN VIA solution

    Posted Mar 20, 2020 02:33 AM

    Thank you

     

    If I wanted to distribute the new profile to my users without having them going through a new profile download; can I distribute the new one to them via GPO?

     

    If so, how?

     

    thanks 



  • 6.  RE: Adding new controller to existing VPN VIA solution

    EMPLOYEE
    Posted Mar 20, 2020 11:39 AM

    The VIA client can be pushed out via GPO, but I'm not aware of a method for distributing VIA profiles out of band via GPO rather than from inside the client itself.