Wireless Access

Hi Guys,Im in need of your help! We currently have a 3200 controller in a data centre which our servers site behind. All of our branches have RAP5s or RAP155s that connect to the 3200 to provide access to the servers from the computers behind the RAPS. 

At our HQ we have some AP93s that were working untill we did the latest upgrade to the firmware on the 3200, we have since found out that AP93s are not supported behind a RAP so decided to replace the RAP5 at the HQ with a 650 controller. 

We had an aruba specialist in to do the work for us but basically they are saying that the solution they have provided wont do what we are currently doing.... 

I have attached 2 simple diagrams of current setup and what we want the 650 to do in the new setup. In my head what im asking for is completely logical and seems to be quite a normal setup from what I have read and been told by others.. 

All we want is for local computers to be able to work as before and for us to be able to use the AP93s that we have... Is that to much to ask?? 

They are saying that we need to have something else infront of the 650 performing the VPN to the 3200 to enable local clients to connect to the servers at the data centre, is this correct? 

My understanding is that we can connect a modem to the adsl line and give the 650 a static external IP and connect directly to the 3200 to setup as local to the master as well as performing the VPN tunnel? 

Any clarification here would be greatly appriciated! 

Thanks in advance

Anthony

How many AP93s do you want to have at these sites?

Hi Colin,

3 currently may purchase another 2.

Is the user traffic tunneled back to the datacenter?  If yes, why not make the AP93s RAPs?

The RAP is currently tunneled back to the DC, the guys doing the install are saying that I need something to perform the VPN duties that the RAP used to do so that the copmuters can connect to the servers? 

I think once the 650 is setup the APs will be fine.

Are these wired or wireless computers?

Wired to the switch connected to the RAP/650

You could create a site to site ipsec VPN between the 650 and the 3200, where wired traffic can be routed back and access points can terminate on the 650.

Thats I what I thought we could do, but for some reason we are being told its not supported?? 

A site to site VPN between a 650 and a 3200 over the internet is supported.  An AP behind a wired port on a RAP is NOT supported.

Does the 650 handle the connection? or are they right to say we need soemthing else doing the site to site vpn?

The 650 and the 3200 can have site to site VPNs between them without additional equipment.  The 650 can sit behind a router at a site and initiate the site to site VPN.  You will have to create routes on your internal router to point to your 3200 to indicate that traffic must pass through the 3200 to access the user subnets behind the 650.

Ok Thanks for all your help Colin, you have backed up my thoughts.

Thanks

Anthony