Configuring Routing Profiles for IAP VPN

Aruba Central (on-premises) can terminate a single VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. connection on Aruba Mobility Controller. The routing profile defines the corporate subnetsSubnet is the logical division of an IP network. which need to be tunneled through IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session..

You can configure routing profiles to specify a policy based on routing into the VPN tunnel.

1. In the Network Operations app, set the filter to a group that contains at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of access points is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the VPN tab.

   The VPN details page is displayed.

5. Click the Routing accordion.

6. Click + in the Routing pane.

   The New Route page with the route parameters is displayed.

7. Update the following parameters:

   • Destination—Specify the destination network that is reachable through the VPN tunnel. This defines the IP or subnet that must reach through the IPsec tunnel. Traffic to the IP or subnet defined here will be forwarded through the IPsec tunnel.
   • Netmask—Specify the subnet mask to the destination defined for Destination.

   • Gateway—Specify the gateway to which traffic must be routed. In this field, enter one of the following based on the requirement:

     • The controller IP address on which the VPN connection will be terminated. If you have a primary and backup host, configure two routes with the same destination and netmask, but ensure that the gateway is the primary controller IP for one route and the backup controller IP for the second route.
     • The "tunnel" string if you are using the IAP in Local mode during local DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  configuration.
   • Metric—Specify the best optimal path for routing traffic. A value of 1 indicates the best path, 15 indicates the worst path, and 16 indicates that the destination is unreachable on the route.
8. Click OK.
9. Click Save Settings.