Configuring IPsec VPN Tunnel

An IPsec (Internet Protocol security) tunnel is configured to ensure that the data flow between the networks is encrypted. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. When configured, the IPsec tunnel to the controller secures corporate data. You can configure an IPsec tunnel from the virtual controller using Aruba Central.

To configure an IPsec tunnel from the virtual controller, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the VPN tab.

The VPN (Virtual Private Network) details page is displayed.

5. Click the Controller accordion.

6. In the Protocol drop-down list, select Aruba IPsec.

7. In the Primary host field, enter the IP address or FQDN (Fully Qualified Domain Name) for the main VPN/IPsec endpoint.

8. In the Backup host field, enter the IP address or FQDN for the backup VPN/IPsec endpoint. This entry is optional. When you enter the primary host IP address and backup host IP address, other fields are displayed.

9. Specify the following parameters.

a. To allow the VPN tunnel to switch back to the primary host when it becomes available again, select the Preemption check-box. This step is optional. If Preemption is enabled, specify a value in seconds for Hold time. When preemption is enabled and the primary host comes up, the VPN tunnel switches to the primary host after the specified hold-time. The default value for Hold time is 600 seconds.

b. To allow the Instant AP to create a backup VPN tunnel to the controller along with the primary tunnel, and maintain both the primary and backup tunnels separately, select the Fast Failover check-box. When fast failover is enabled and the primary tunnel fails, the Instant AP can switch the data stream to the backup tunnel. This reduces the total failover time to less than one minute.

c. Specify a value in seconds for Secs Between Test Packets. Based on the configured frequency, the Instant AP can verify if an active VPN connection is available. The default value is 5 seconds, which means that the Instant AP sends one packet to the controller every 5 seconds.

d. Enter a value for Max Allowed Test Packet Loss, to define a number for lost packets, after which the Instant AP can determine that the VPN connection is unavailable. The default value is 2.

e. To disconnect all wired and wireless users when the VPN tunnel switches from primary to backup or from backup to primary, select the Reconnect User On Failover check-box.

f. To configure an interval for which wired and wireless users are disconnected during a VPN tunnel switch, specify a value in seconds for Reconnect Time On Failover within a range of 30-900 seconds. By default, the reconnection duration is set to 60 seconds. The Reconnect Time on Failover field is displayed only when Reconnect User On Failover is enabled.

10. When the IPsec tunnel configuration is completed, the packets that are sent from and received by an Instant AP are encrypted.

11. Click Save Settings.
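
The following Python sketch is an added example, not Aruba code. It models how the step 9 parameters interact during a primary outage, so that planned values can be checked before saving. The class and function names are hypothetical, and the model assumes that lost test packets are counted consecutively, that the backup endpoint is always reachable, and that the hold timer restarts if the primary drops again.

```python
from dataclasses import dataclass

@dataclass
class VpnFailover:
    # Field defaults are the defaults stated on this page.
    test_interval: int = 5    # Secs Between Test Packets
    max_loss: int = 2         # Max Allowed Test Packet Loss
    preemption: bool = True   # Preemption check-box
    hold_time: int = 600      # Hold time, used only with preemption
    reconnect_time: int = 60  # Reconnect Time On Failover

    def __post_init__(self):
        if not 30 <= self.reconnect_time <= 900:
            raise ValueError("Reconnect Time On Failover must be 30-900 seconds")
        if self.test_interval < 1 or self.max_loss < 1 or self.hold_time < 0:
            raise ValueError("interval and loss count must be positive")


def simulate(cfg, primary_up, duration):
    """Return [(second, active_tunnel), ...] for each tunnel switch.

    primary_up(t) says whether a test packet sent at second t is answered.
    Assumed model: losses count consecutively, the backup is always
    reachable, and the hold timer restarts if the primary drops again.
    """
    active, lost, up_since = "primary", 0, None
    events = [(0, active)]
    for t in range(cfg.test_interval, duration + 1, cfg.test_interval):
        ok = primary_up(t)
        if active == "primary":
            lost = 0 if ok else lost + 1
            if lost >= cfg.max_loss:          # primary declared unavailable
                active, lost, up_since = "backup", 0, None
                events.append((t, active))
        elif cfg.preemption:
            if not ok:
                up_since = None               # primary flapped: restart hold timer
            else:
                up_since = t if up_since is None else up_since
                if t - up_since >= cfg.hold_time:
                    active, up_since = "primary", None
                    events.append((t, active))
    return events


# Constructed outage: primary endpoint unreachable from second 100 to 299.
def outage(t):
    return not 100 <= t < 300

if __name__ == "__main__":
    print(simulate(VpnFailover(), outage, 1000))
```

With the default values, the model moves traffic to the backup tunnel on the second lost test packet and returns to the primary only after it has answered for the full hold time.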

You cannot upload the self-signed certificate from Aruba Central. You must upload the self-signed certificate to Aruba Activate, followed by the AP reboot procedure. Aruba Activate is a cloud-based service that helps provision your Aruba devices and maintain your inventory. Activate automates the provisioning process, allowing a single IT technician to easily and rapidly deploy devices throughout a distributed enterprise network. When the AP contacts Aruba Activate, Aruba Activate informs the AP about the self-signed AP certificate that is required to be downloaded. The AP then installs a new certificate before connecting to Aruba Central. For more information, see Aruba Activate User Guide.