Configuring Multiple Active Tunnels

Starting from Aruba Instant 8.4.0.0, you can configure multiple active VPN tunnels on an Instant AP. You can configure up to four pairs of primary and backup VPN tunnels. Only one IPsec tunnel can be selected for each VPN primary and backup pair. A default VPN tunnel must be configured if you want to keep more than one active VPN tunnel to pass Centralized, L2 traffic.

 

This feature is currently not supported for IPv6.

Limitations

Following are some of the limitations observed when configuring multiple active tunnels:

Multiple active tunnels are not supported in shared VPN mode. Only per-AP tunnels are supported.

Multiple active tunnels are supported with GRE data tunnels only. No IPsec data tunnel support is provided.

Multiple active tunnels are supported in Centralized, L2 VPN mode only.

Multiple active tunnels need to be in full tunnel mode and not split tunnel mode.

Configuring a Default VPN Tunnel

The following example configures a default VPN tunnel:

(Instant AP)(config)# vpn primary <IP address or domain name>

(Instant AP)(config)# vpn backup <IP address or domain name>

(Instant AP)(config)# vpn fast-failover

(Instant AP)(config)# vpn gre-outside

(Instant AP)(config)# gre per-ap-tunnel

(Instant AP)(config)# vpn hold-time <seconds>

(Instant AP)(config)# vpn preemption

(Instant AP)(config)# vpn monitor-pkt-send-freq <frequency>

(Instant AP)(config)# vpn monitor-pkt-lost-cnt <count>

(Instant AP)(config)# end

(Instant AP)# commit apply

Configuring a non-default VPN Tunnel

The following example configures a non-default VPN tunnel profile:

(Instant AP)(config)# vpn tunnel-profile <profile_name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# primary <IP address or domain name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# backup <IP address or domain name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# gre-outside

(Instant AP)(VPN Tunnel Profile "<profile_name>")# per-ap-tunnel

(Instant AP)(VPN Tunnel Profile "<profile_name>")# fast-failover

(Instant AP)(VPN Tunnel Profile "<profile_name>")# hold-time <seconds>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# preemption

(Instant AP)(VPN Tunnel Profile "<profile_name>")# monitor-pkt-send-freq <frequency>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# monitor-pkt-lost-cnt <count>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# end

(Instant AP)# commit apply

Configuring Centralized, L2 DHCP Scopes to use Default VPN Tunnel

The following example configures a Centralized, L2 DHCP scope to use a default VPN tunnel:

(Instant AP)(config)# ip dhcp <profile_name>

(Instant AP)(DHCP Profile "<profile_name>")# server-type Centralized,L2

(Instant AP)(DHCP Profile "<profile_name>")# server-vlan <VLAN ID or VLAN List>

(Instant AP)(DHCP Profile "<profile_name>")# disable-split-tunnel

(Instant AP)(DHCP Profile "<profile_name>")# end

(Instant AP)# commit apply

Configuring Centralized, L2 DHCP Scopes to use a Non-Default VPN Tunnel

The following example configures a Centralized, L2 DHCP scope to use a non-default VPN tunnel:

(Instant AP)(config)# ip dhcp <profile_name>

(Instant AP)(DHCP Profile "<profile_name>")# server-type Centralized,L2

(Instant AP)(DHCP Profile "<profile_name>")# server-vlan <VLAN ID or VLAN List>

(Instant AP)(DHCP Profile "<profile_name>")# disable-split-tunnel

(Instant AP)(DHCP Profile "<profile_name>")# tunnel-profile <profile_name>

(Instant AP)(DHCP Profile "<profile_name>")# end

(Instant AP)# commit apply
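
An offline pre-check for the rules above, as an added example that is not part of the original page or Aruba's tooling: it reads a change script written in the same prompt-and-command form as the examples here and reports a missing default tunnel, a Centralized, L2 scope left in split-tunnel mode, and a scope that points at an undefined tunnel profile. The function names, profile names and addresses are constructed for illustration.

```python
import re

# Prompt shape taken from the page's examples: (Instant AP)(<mode>)# <command>
PROMPT = re.compile(r'^\(Instant AP\)(?:\((?P<mode>[^)]*)\))?# (?P<cmd>.+)$')

def parse(transcript):
    # Group commands into global config, VPN tunnel profiles and DHCP scopes.
    cfg = {"global": [], "vpn": {}, "dhcp": {}}
    for line in transcript.splitlines():
        if not (m := PROMPT.match(line.strip())):
            continue
        mode, cmd = m.group("mode") or "", m.group("cmd").strip()
        name = re.search(r'"([^"]+)"', mode)
        if mode.startswith("VPN Tunnel Profile") and name:
            cfg["vpn"].setdefault(name.group(1), []).append(cmd)
        elif mode.startswith("DHCP Profile") and name:
            cfg["dhcp"].setdefault(name.group(1), []).append(cmd)
        elif mode == "config":
            cfg["global"].append(cmd)
            if cmd.startswith("vpn tunnel-profile "):
                cfg["vpn"].setdefault(cmd.split()[2], [])
    return cfg

def audit(transcript):
    # Findings for the constraints the page states for multiple active tunnels.
    cfg, findings = parse(transcript), []
    if cfg["vpn"] and not any(c.startswith("vpn primary ") for c in cfg["global"]):
        findings.append("default tunnel missing: profiles exist without 'vpn primary'")
    for scope, cmds in cfg["dhcp"].items():
        l2 = "server-type Centralized,L2" in cmds
        refs = [c.split()[1] for c in cmds if c.startswith("tunnel-profile ")]
        if refs and not l2:
            findings.append(f"{scope}: tunnel-profile on a scope that is not Centralized,L2")
        if (l2 or refs) and "disable-split-tunnel" not in cmds:
            findings.append(f"{scope}: split tunnel not disabled")
        findings += [f"{scope}: tunnel-profile '{r}' is not defined" for r in refs if r not in cfg["vpn"]]
    return findings

# Constructed change script (names and addresses are made up) with three mistakes.
SAMPLE = '''
(Instant AP)(config)# vpn tunnel-profile branch-a
(Instant AP)(VPN Tunnel Profile "branch-a")# primary 192.0.2.10
(Instant AP)(config)# ip dhcp guest
(Instant AP)(DHCP Profile "guest")# server-type Centralized,L2
(Instant AP)(DHCP Profile "guest")# tunnel-profile branch-b
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```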

Configure Customized Certificate for IPsec Tunnel

The following example configures an IPsec tunnel to use a customized certificate:

(Instant AP)(config)# vpn tunnel-profile <profile_name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# use-custom-cert

(Instant AP)(VPN Tunnel Profile "<profile_name>")# primary <IP address or domain name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# backup <IP address or domain name>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# fast-failover

(Instant AP)(VPN Tunnel Profile "<profile_name>")# hold-time <seconds>

(Instant AP)(VPN Tunnel Profile "<profile_name>")# preemption

(Instant AP)(VPN Tunnel Profile "<profile_name>")# end

(Instant AP)# commit apply

Debugging

Use the following command to check the IPsec tunnel status:

(Instant AP)(config)# show vpn status

Use the following command to check the VPN registration status:

(Instant AP)(config)# show vpn tunnels

Use the following command to check the VPN logs:

(Instant AP)(config)# show log vpn-tunnel

Use the following command to view the Centralized,L2 configuration:

(Instant AP)(config)# show dhcps