Configuring Automatic GRE VPN Tunnel

In Aruba Central (on-premises), you can configure an Instant Access Point (IAP) to automatically set up a GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel from the IAP to the controller.

To configure an IAP to automatically set up a GRE tunnel, complete the following steps:

1. In the Network Operations app, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the VPN tab.

   The VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. page is displayed.

6. Click the Controller accordion.

7. In the Protocol drop-down list, select Aruba GRE.

8. In the Primary host field, enter the IP address or FQDNFully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet. for the main VPN/IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. endpoint.

9. In the Backup host field, enter the IP address or FQDN for the backup VPN/IPsec endpoint. This entry is optional. When you enter the primary host IP address and backup host IP address, other fields are displayed.

10. Specify the following parameters:

    1. Select the Preemption check-box to allow the VPN tunnel to switch back to the primary host when it becomes available again. This step is optional. If Preemption is enabled, specify a value in seconds for Hold time. When preemption is enabled and the primary host comes up, the VPN tunnel switches to the primary host after the specified hold time. The default value for Hold time is 600 seconds.
    2. Select the Fast Failover check-box to allow the IAP to create a backup VPN tunnel to the controller along with the primary tunnel, and maintain both the primary and backup tunnels separately. If the primary tunnel fails, the IAP can switch the data stream to the backup tunnel. This reduces the total failover time to less than one minute.
    3. Select the Reconnect User On Failover to disconnect all wired and wireless users when the system switches during VPN tunnel transition from primary to backup and backup to primary,
    4. Specify a value in seconds for Reconnect Time On Failover to configure an interval for which wired and wireless users are disconnected during a VPN tunnel switch. By default, the reconnection duration is set to 60 seconds.
    5. Specify a value in seconds for Seconds Between Test Packets. Based on the configured frequency, the IAP can verify if an active VPN connection is available. The default value is 5 seconds, which means that the IAP sends one packet to the controller every 5 seconds.
    6. Enter a value for Max Allowed Test Packet Loss to define a number for lost packets, after which the IAP can determine that the VPN connection is unavailable. The default value is 2.
    7. Select the Per-AP-Tunnel check-box to create a GRE tunnel from each IAP to the VPN/GRE Endpoint rather than the tunnels created just from the conductor IAP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the IAP itself and need not be forwarded through the conductor IAP.
    8. From the Branch Name drop-down list, select the branch name.
11. Click Save Settings.