Wireless Access


Resilient IAP VPN



Can someone let me know how to make an IAP VPN (Aruba IPSEC) resilient?


I know I can add a backup host which is great.


I'm having problems with what to the set the gateway on the routing profile on the IAP. I can't seem to get the routing to work unless the gateway in the routing profile is the controller IP address that the VPN is terminating on. 


In a failover situation the tunnel will terminate on the backup host and the route will no longer work.


Even the ASE solution suggest setting the route profile gateway as the controller IP address.

I feel like I'm missing something here and suspect there's an easy answer.


Anyone got a quick solution for this??


ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor I

Re: Resilient IAP VPN

If this is L3 distributed, then the use of OSPF would be recommended if the failover is to a different data center.


If not, have you tried adding a second route statement to the same network but instead the next hop is controller IP #2?

Search Airheads
Showing results for 
Search instead for 
Did you mean: