@ngutri wrote:
What is the best solution for a small remote branch with a small controller to tunnel back to the HQ? I am normally setting up a site-to-site VPN. This way the remote controller is a master (or stands alone). The main benefit is I can use some old 200 controllers with AOS 5. I heard that the VPN tunnel to Aruba master also works with other vendors.
Recently, I set up a site with a 650 controller AOS 6; the recommendation was to set it up as a local controller and IPSEC tunnel to the master. I can see many benefits of this IPSEC tunnel: simple configuration, centralized management, and easy troubleshooting.
What is the recommendation from the Aruba guru?
Regards,
Trinh Nguyen
Strictly my opinion:
Only do a site-to-site with an Aruba Controller to an Aruba Controller, because IPSEC between them is tested.
If you have another manufacturer that changes their IPSEC implementation, it might break your connection permanently.
Using a 200 is a good idea, since you are running your controllers as all masters, and you do not require the config to be synchronized with a controller that runs 6.x and above. If you have a 600 it is better because you can sync the configs if you want to and enjoy all the benefits that you mentioned.
Depending on your configuration, your controller can also be your local internet firewall, if you wanted. You can even see how to connect your 200 controller to a cable modem here: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Connect-your-Aruba-Controller-to-a-Cable-Modem/m-p/951/highlight/true#M64