Occasional Contributor I

Urgent - IPSec VPN multiple source Networks

Hello All,

 

I'm able to set up an IPSEC IKEv2 VPN between a 7050 and Azure VPN Gateway. The VPN works well as expected. However, I have multiple subnets on the controller side that I need to reach the Azure remote networks. How do I do that? I've searched high and low and could not find any information whatsoever. All the documentation I see only gives a one-subnet example. Is this just not supported on Aruba controllers?

 

Here is my current config. I need to add another source network of 192.168.16.0/24.

 

crypto-local ipsec-map VpnToAzure 100
version v2
set ikev2-policy 50
peer-ip x.x.x.x
vlan 4094
src-net 172.30.16.0 255.255.255.0
dst-net 172.18.0.0 255.255.0.0
set transform-set "default-aes"
set security-association lifetime seconds 86400
set security-association lifetime kilobytes 1000000000
pre-connect enable
factory-cert-auth disable
trusted enable
uplink-failover disable
ip-compression disable
force-natt disable
!

 

Will really appreciate your help even if it's just to tell me it's not supported so I can try to find a workaround.

 

Thanks


Accepted Solutions
Guru Elite

Re: Urgent - IPSec VPN multiple source Networks

You can only add a single subnet in the crypto map.  Unless you can summarize both subnets and advertise them together, you will need some sort of route on the Azure side to point to the second subnet.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
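
Whether two controller-side subnets can be summarized into one src-net, as the answer above suggests, can be checked mechanically. The following is an added example, not part of the original thread: it is IPv4-only, the function names are illustrative, and the adjacent 192.168.17.0/24 subnet is constructed for contrast with the poster's two networks.

```python
import ipaddress

def covering_prefix(subnets):
    """Smallest single IPv4 prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be
    # part of a shared prefix, so the prefix ends above the highest one.
    prefix_len = 32 - (lo ^ hi).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ipaddress.ip_network((lo & mask, prefix_len))

def summary_report(subnets):
    """Describe the single src-net that would be needed to cover all subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    collapsed = list(ipaddress.collapse_addresses(nets))
    cover = covering_prefix(subnets)
    wanted = sum(n.num_addresses for n in collapsed)
    return {
        # True only when the subnets merge into one prefix with nothing extra.
        "exact": len(collapsed) == 1,
        # Same "address mask" form as the src-net line in the config above.
        "src_net": f"{cover.network_address} {cover.netmask}",
        "cidr": str(cover),
        # Addresses the traffic selector would admit beyond the intended subnets.
        "extra_addresses": cover.num_addresses - wanted,
    }

if __name__ == "__main__":
    # The two source networks from the question.
    print(summary_report(["172.30.16.0/24", "192.168.16.0/24"]))
    # Constructed contrast case: two adjacent subnets that summarize cleanly.
    print(summary_report(["192.168.16.0/24", "192.168.17.0/24"]))
```

For the two networks in the question the only covering prefix is 128.0.0.0/1, which would put about two billion unintended addresses into the tunnel's traffic selector, so the routing approach from the answer is the practical option here.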



All Replies
Guru Elite

Re: Urgent - IPSec VPN multiple source Networks

You would add a route in your infrastructure pointing to the controller as the next hop for the subnet in your Azure infrastructure.  Your Azure infrastructure would also need a route pointing back to the controller to reach the subnets on the other side.  This is if I understand your question.


Occasional Contributor I

Re: Urgent - IPSec VPN multiple source Networks

Thanks for the response, but I think you misunderstood. There are 2 subnets on the controller side of the VPN. How do I add the second subnet in the crypto map? Adding a second "src-net" command only replaces the first.
