Wireless Access

Reply
Highlighted
Regular Contributor I

Adding new controller to existing VPN VIA solution

We currently have 2 x 7210 controllers sat in our main office supplying a VPN service with VIA. Of course the biggest restriction is the Internet for the site; not the controllers in terms of speed users are getting. 

 

Looking at utilising a new controller in our other office that has a unused Internet link. Which of the following do you think would be best:

 

Option A

 

Take one of the controllers offline from the main office; give it some new IP addresses and routes, then update the external DNS to reflect the new IP address. Feels a little bit cow boyish … it’s going to have to have new public IP and local IPs at least. Just feels like a risky change?

 

Option B

 

We have a spare 7210 controller; install this from scratch at our other site; set up as a new controller within this solution and simply add to the profile as another server to use in the existing profiles? My only concern here is forcing everyone to download a new profile?

 

Thinking of a way to have the same service split across 2 geographically separate sites, but in a safe way where the users barely notice the change.

 

Luckily (I think), we don’t have these controllers setup in a VRRP type setup; the VIA client see’s them as 2 separate servers. Each controller has its own profile which points to itself and server number 2 is the other controller ... and vice versa - hope that makes sense.

 

If you suddenly changed / added to this, would everyone be forced to download a new profile? Which option do you think is best / safest / least impactful?


Accepted Solutions
Highlighted

Re: Adding new controller to existing VPN VIA solution

So I agree with the two options as you've spelled it out. With the use of IPs in the profiles, you only have the option to re-use those IPs on new hardware, or download a new profile. If you go the route of downloading new profiles, it may be beneficial to have the new profiles reference hostnames as well, for extra flexibility in the future.


Charlie Clemmer
Aruba Customer Engineering

View solution in original post


All Replies
Highlighted

Re: Adding new controller to existing VPN VIA solution

Your VIA profiles can reference hostname or IP address. Are you using hostnames only, or mixing hostnames and IP addresses?


Charlie Clemmer
Aruba Customer Engineering
Highlighted
Regular Contributor I

Re: Adding new controller to existing VPN VIA solution

The existing profile uses IP in the profile. 

I’m ordering some new controllers now to put at our other office. Will build this from scratch ready for a new service. 

It would be nice just to add these new controllers as a new server in the existing profile. 

What happens if I simply add a new server to the profile? Will the users automatically get the new profile when connecting? Or do they need to download the profile again?

 

If it’s a profile download again, can I distribute with GPO instead of them downloading from scratch?

Highlighted

Re: Adding new controller to existing VPN VIA solution

So I agree with the two options as you've spelled it out. With the use of IPs in the profiles, you only have the option to re-use those IPs on new hardware, or download a new profile. If you go the route of downloading new profiles, it may be beneficial to have the new profiles reference hostnames as well, for extra flexibility in the future.


Charlie Clemmer
Aruba Customer Engineering

View solution in original post

Highlighted
Regular Contributor I

Re: Adding new controller to existing VPN VIA solution

Thank you

 

If I wanted to distribute the new profile to my users without having them going through a new profile download; can I distribute the new one to them via GPO?

 

If so, how?

 

thanks 

Highlighted

Re: Adding new controller to existing VPN VIA solution

The VIA client can be pushed out via GPO, but I'm not aware of a method for distributing VIA profiles out of band via GPO rather than from inside the client itself.


Charlie Clemmer
Aruba Customer Engineering
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: