Configuring Automatic GRE VPN Tunnel

In Aruba Central, you can configure an Instant AP to automatically set up a GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel from the Instant AP to the controller.

To configure an Instant AP to automatically set up a GRE tunnel, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the VPN tab.

The VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. details page is displayed.

5. Click the Controller accordion.

6. In the Protocol drop-down list, select Aruba GRE.

7. In the Primary host field, enter the IP address or FQDNFully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet. for the main VPN/IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. endpoint.

8. In the Backup host field, enter the IP address or FQDN for the backup VPN/IPsec endpoint. This entry is optional. When you enter the primary host IP address and backup host IP address, other fields are displayed.

9. Specify the following parameters:

a. To allow the VPN tunnel to switch back to the primary host when it becomes available again, select the Preemption check-box. This step is optional. If Preemption is enabled, specify a value in seconds for Hold time. When preemption is enabled and the primary host comes up, the VPN tunnel switches to the primary host after the specified hold time. The default value for Hold time is 600 seconds.

b. To allow the Instant AP to create a backup VPN tunnel to the controller along with the primary tunnel, and maintain both the primary and backup tunnels separately, select the Fast Failover check-box. If the primary tunnel fails, the Instant AP can switch the data stream to the backup tunnel. This reduces the total failover time to less than one minute.

c. To disconnect all wired and wireless users when the system switches during VPN tunnel transition from primary to backup and backup to primary, select the Reconnect User On Failover.

d. To configure an interval for which wired and wireless users are disconnected during a VPN tunnel switch, specify a value in seconds for Reconnect Time On Failover within the range of 30-90 seconds. By default, the reconnection duration is set to 60 seconds.

e. Specify a value in seconds for Seconds Between Test Packets. Based on the configured frequency, the Instant AP can verify if an active VPN connection is available. The default value is 5 seconds, which means that the Instant AP sends one packet to the controller every 5 seconds.

f. Enter a value for Max Allowed Test Packet Loss, to define a number for lost packets, after which the Instant AP can determine that the VPN connection is unavailable. The default value is 2.

g. Select the Per-AP-Tunnel check-box. The administrator can enable this option to create a GRE tunnel from each Instant AP to the VPN/GRE Endpoint rather than the tunnels created just from the master Instant AP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the Instant AP itself and need not be forwarded through the master Instant AP.

10. Click Save Settings.