2. Configuring Routing Profiles
3. Configuring DHCP Profiles
4. Configuring an SSID or Wired Port
5. Enabling Dynamic RADIUS Proxy
6. Configuring Enterprise Domains
Defining the VPN Host Settings
The VPN endpoint on which a master IAP terminates its VPN tunnel is considered as the host. A master IAP in
an IAP network can be configured with a primary and backup host to provide VPN redundancy. You can define
VPN host settings through More > VPN > Controller in the UI.
You can configure the following VPNprofiles for the IAP-VPNoperations. For more information, see
Configuring a Tunnel from an IAP to a Mobility Controller on page 229.
l IPsec
l L2TPv3
l Manual GRE
l Aruba GRE
Configuring Routing Profiles
The routing profile on the IAP determines whether the traffic destined to a subnet must be tunneled through
IPsec or bridged locally. If the routing profile is empty, the client traffic will always be bridged locally. For
example, if the routing profile is configured to tunnel 10.0.0.0 /8, the traffic destined to 10.0.0.0 /8 will be
forwarded through the IPsec tunnel and the traffic to all other destinations is bridged locally.
You can also configure a routing profile with 0.0.0.0 as gateway to allow both the client and IAP traffic to be
routed through a non-tunnel route. If the gateway is in the same subnet as uplink IP address, it is used as a
static gateway entry. A static route can be added to all master and slave IAPs for these destinations. The VPN
traffic from the local subnet of IAP or the VC IP address in the local subnet is not routed to tunnel, but will be
switched to the relevant VLAN. For example, when a 0.0.0.0/0.0.0.0 routing profile is defined, to bypass
certain IPs, you can add a route to the IP by defining 0.0.0.0 as the destination, thereby forcing the traffic to be
routed through the default gateway of the IAP.
You can configure routing profiles through More > VPN > Controller UI. For step-by-step procedural
information on configuring routing profile, see Configuring Routing Profiles on page 240.
The IAP network has only one active tunnel even when fast failover is enabled. At any given time, traffic can
be tunneled only to one VPN host.
Configuring DHCP Profiles
You can create DHCP profiles to determine the IAP-VPN mode of operation. An IAP network can have multiple
DHCP profiles configured for different modes of IAP-VPN. You can configure up to eight DHCP profiles. For
more information on the IAP-VPN modes of operation, see IAP-VPN Forwarding Modes on page 243.
You can create any of the following types of DHCP profiles for the IAP-VPN operations:
l Local
l Local, L2
l Local, L3
l Distributed, L2
l Distributed, L3
l Centralized, L2
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide IAP-VPN Deployment | 246
To Next Page
Loading...
Need help?
General
