Security Controller 9004 Branch Site-To-Site VPN Multiple Local Subnets

I don’t understand why they have to make Aruba Central so difficult by reinventing the wheel. I have a SonicWall NSA at the other end of the tunnel. The IPSec VPN tunnel is up. I have two VLAN subnets behind the security controller, VLAN 100 (10.10.100.0/24) and VLAN 200 (10.10.200.0/24). From the server behind the SonicWall, I can ping through the tunnel to the VLAN 100 subnet 10.10.100.1, but from the console CLI in Central I cannot ping the remote destination 192.168.2.20 or the LAN interface 192.168.2.1 255.255.252.0.

How do I define additional subnets to be allowed through the tunnel? This is easily done from a Cisco ASA to a SonicWall by defining the subnets as objects, putting them into a group, and then applying the group to the local or the remote subnets.

Aruba ERT does not seem to understand how to do this either.

Would need to know your config. The snippets needed would be

- interface of the LAN side segments (physical interface config)
- interface config of the WAN uplink

Have you tried pinging on the console CLI with the source interface of VLAN 100 and 200? If you ping without any options, it will source from whatever you set the system-IP to which may not be routable depending on your config.

When you set up your site-to-site IPSec Map, what did you use for Source and Destination network? Any/Any?

Depending on your routing, you may need to create a next hop list that references your IPSec map, create a route ACL that specifies the source/destination traffic with ‘forward to next-hop list’ as the action and pick the next hop list you created, and apply that as a route policy to your VLANs. This is basically what you’re doing on the ASA, just using different terminology.

I’ll try to get that information. Multiple sessions over Zoom with Aruba ERT, and they can’t figure it out.