Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

IPSec over Mesh

  • 1.  IPSec over Mesh

    Posted Mar 12, 2012 06:39 AM

    Hi,

     

    I have an Aruba Controller (SW: 6.1.2.7) and I have to build up a Mesh. This mesh is secured by WPA. My problem is that the customer does not trust WPA.

     

    Is there a solution to encapsulate the WPA traffic into an IPSec tunnel? I've read about double-encryption but this is only a feature for RAPs.

     

    Regards,

    Marco



  • 2.  RE: IPSec over Mesh

    Posted Mar 12, 2012 10:34 AM

    Please note that Aruba OS MESH links are encrypted by WPA-2, not WPA. A big difference... although neither is in danger of being practically breached at this point in time.

     

    Keep in mind that the WPA-2 we use on mesh links utilizes AES encryption (circa 1990's) which is ~20 years newer than the typical encryption type used by VPN clients (3DES... circa 1970's). aka. one is actually much 'safer' when using AES... aka the Mesh link encryption than a VPN client if one takes a step back to consider the underlying technologies in use.

     

    Hope that helps... ?


    JF 



  • 3.  RE: IPSec over Mesh

    Posted Mar 16, 2012 08:14 AM

    Hi,

     

    Thanks for your answer. Yes, WPA2 is secure, I believe that :-)

     

    But the customer wants to have an IPSec tunnel in the WPA2 tunnel because he doesn't trust WPA2.

     

    Is there a possibility?

     

    The solution should be

     

    RAP ------> MESH-Point --------------------------------> Meshportal ---------->LAN------------> Aruba

     

    In this sample the RAP will make an IPSec tunnel to the Controller. It uses the Mesh-Bridge so that there is IPSec encapsulated in WPA2.

     

    Is this solution possible without the RAP (with only 2 APs)?

     

    Regards,

    Marco



  • 4.  RE: IPSec over Mesh

    EMPLOYEE
    Posted Mar 16, 2012 08:48 AM

    @mawe wrote:

    Hi,

     

    Thanks for your answer. Yes, WPA2 is secure, I believe that :-)

     

    But the customer wants to have an IPSec tunnel in the WPA2 tunnel because he doesn't trust WPA2.

     

    Is there a possibility?

     

    The solution should be

     

    RAP ------> MESH-Point --------------------------------> Meshportal ---------->LAN------------> Aruba

     

    In this sample the RAP will make an IPSec tunnel to the Controller. It uses the Mesh-Bridge so that there is IPSec encapsulated in WPA2.

     

    Is this solution possible without the RAP (with only 2 APs)?

     

    Regards,

    Marco


    Marco, is this a wireless or wired client that will be connecting to the mesh point?

     



  • 5.  RE: IPSec over Mesh

    Posted Mar 19, 2012 04:12 AM

    Hi,

     

    There will be a switch which is connected to the Mesh-Point via LAN. The Mesh-Point is a single-radio AP so that there will be no wireless connectivity for clients.

     

    Problem is that the customer doesn't want to use VPN clients :-/

     

    All things should be done by the Controller.