Wireless Access

Super Contributor II

VMC Scalability for IAP-VPN and Multizone

Hi Airheads,


Does anybody know where i can find sizing recommendation for using VMC as IAP-VPN termination or Multizone termination?



MVP Guru

Re: VMC Scalability for IAP-VPN and Multizone


Thank you

Victor Fabian
Lead Mobility Architect @WEI
Super Contributor II

Re: VMC Scalability for IAP-VPN and Multizone

supported in 8.3


Starting from ArubaOS, IAP-VPN is supported on Mobility Controller Virtual Appliance by using default
self-signed certificate (Aruba PKI). For Instant AP to establish IPsec connection with Mobility Controller Virtual
Appliance, the controller presents a default self-signed certificate which is uploaded on the Instant AP using

Through Activate, you can push only one default self-signed certificate to Instant AP which can be used to establishIPsec tunnel with Mobility Controller Virtual Appliance.

Contributor I

Re: VMC Scalability for IAP-VPN and Multizone

Can the certificate be deployed via Airwave in read-write mode with Groups? I deployed automatically 500 IAPs with Airwave group template on a network without connectivity to Activate. The VPN connection is a secondary usage, the control plane does not need it to contact Airwave. So, can I configure that IAP-VPN against a VMC AOS8.5 if I deploye the self-signed cert from Airwave itself?


These are the options available on Airwave for the IAP group configuration:


CA Cert:
Server Cert:
Captive Portal Cert:
Captive Portal Logo: only show less than 16k bytes logo files
RadSec Server Cert:
RadSec CA Cert:
Web Cert:
Custom SSL Cert:



Search Airheads
Showing results for 
Search instead for 
Did you mean: