Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

master local through own VPN?

  • 1.  master local through own VPN?

    MVP
    Posted Jul 17, 2013 04:15 AM

    Anyone care to shed some light on this?

    What would be the best way to set up the following?

    master-local-throughvpn.png

     

    I was trying to get the master (A3400) and local (A620) connected through a VPN set up between the 2 controllers themselves, but the master-local ipsec-map replaces my destination net in the VPN config as they overlap.

    Is there an easy way to accomplish what I'm trying to do or do I have to set up the 620 as a master on its own?

     

     



  • 2.  RE: master local through own VPN?

    Posted Jul 17, 2013 04:44 AM


    Two key points for site-site VPN with one static and one dynamically addressed controller configuration:

     

    1. To support site-site VPN with dynamically addressed devices, we must enable IKE Aggressive-Mode with Authentication based on a Pre-Shared-Key.


    2. The Aruba controller with a dynamic IP address must be configured to be the initiator of IKE Aggressive-mode for Site-Site VPN, while the controller with a static IP address must be configured as the responder of IKE Aggressive-mode.

     

    So in this case, since 3400 controller has the static public ip, this should be configured as responder and the other end A620 should be configured as initiator.

     

    Hope this helps.

     

    Thanks



  • 3.  RE: master local through own VPN?

    MVP
    Posted Jul 17, 2013 05:18 AM

    Hi Sriram,

     

    The VPN is working fine. My problem is pulling the master-local through it.

    Since my destination net and the controller ip overlap my ipsec-map gets replaced and my VPN fails.

     

    Setting up both controllers as standalone and have the clients communicate through their VPN works fine.

     

    So the question really is not how to set up a dynamic-static VPN but rather how to get master-local through a VPN set up by the Aruba VPN devices themselves.



  • 4.  RE: master local through own VPN?

    Posted Jul 17, 2013 06:44 PM

    Hmm. I see.

     

    Since VPN site-site is already up and running; master-local may not come up as there would be an overlap of one more IPsec tunnel on the existing tunnel with same src-net and des-net.

     

    Thanks!



  • 5.  RE: master local through own VPN?

    MVP
    Posted Jul 23, 2013 12:49 PM

    Nope, master-local ipsec wipes out my user created vpn.

    Guess I'll mark this as not feasible for now.



  • 6.  RE: master local through own VPN?

    Posted May 31, 2019 06:23 PM

    Long since dead thread but very relevant when trying to connect a remote local controller via site-to-site VPN.  Does anyone have an updated configuration?  My networks overlap and so I cannot configure both...Thanks

     

    Randy