Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Aruba 7030 Controller behind Meraki MX100

  • 1.  Aruba 7030 Controller behind Meraki MX100

    Posted Apr 28, 2020 09:53 AM

    Hello all you wonderful people!

     

    I know the first response is going to be call TAC, and I would, but my company was acquired and they didn't pay the license on all the Aruba systems. They are working on getting it fixed, but it seems that it takes a bit of time. So in the meantime I'm turning to all of you brilliant people out there.

     

    So here's my issue:

     

    Replaced a Juniper firewall with a Cisco MX100 - and most things are working as expected for the Aruba - the IAPs connect and work fine - my issue is with VIA VPN - it connects and can access everything internal - it just can't get back out to the internet (and many of our tools are cloud based, locked down for IP access). So you can't get to them or anything.

     

    Things I've observed are that I can't ping out from a connected client by either name or IP. The controller can ping some things by IP but not others (8.8.8.8 fails, but 72.163.4.185 works). So I'm thinking it's the configuration on the MX firewall but just can't spot the issue - so does anybody else out there have a similar setup?

     

    Thank you!

     

    Lirria



  • 2.  RE: Aruba 7030 Controller behind Meraki MX100

    Posted Apr 28, 2020 10:17 AM

    Hello, 

     

    Please call TAC... I'm kidding

     

    On your firewall, is the subnet you give to clients correctly configured to do NAT outside?

     

     



  • 3.  RE: Aruba 7030 Controller behind Meraki MX100

    MVP GURU
    Posted Apr 28, 2020 10:17 AM

    Are you doing a source NAT on the VIA clients to an IP on the controller when it leaves?

     

    Is it possible to set up split tunneling for your VIA clients so that any external destinations can leave on their local network and not from your internal network? Or do you have security requirements to tunnel all VPN traffic back inside first?

     

     



  • 4.  RE: Aruba 7030 Controller behind Meraki MX100

    MVP
    Posted Apr 28, 2020 11:10 AM

    Split-Tunneling the VIA clients might help.

     

    Also, refer to the VIA VRD at the following link; it can be helpful in general for VIA concepts:

    https://community.arubanetworks.com/aruba/attachments/aruba/Aruba-VRDs/165/1/VIAAppNote.pdf



  • 5.  RE: Aruba 7030 Controller behind Meraki MX100
    Best Answer

    Posted Apr 28, 2020 01:41 PM

    So a big thank you to Colin for all his help here - and to all of you that chimed in (stupid mail system didn't deliver the messages in a fast fashion).

     

    So the resolution was as follows.

     

    On the MX firewall - I had set up a VLAN for the wireless controller - that seems to be the issue (OK I'll admit it - my network is really wacked).

     

    So I removed the VLAN configuration, added a route to go to the core switch and now everything is working.

     

    I really do appreciate all the help from here (and soon I should be able to call TAC - they keep saying management has the quote and is working on getting it paid...)

     

    Thank you all!