Configuring Routing Profiles for IAP VPN

HPE Aruba Networking Central can terminate a single VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. connection on HPE Aruba Networking Mobility Controller. The routing profile defines the corporate subnets Subnet is the logical division of an IP network. which need to be tunneled through IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session..

You can configure routing profiles to specify a policy based on routing into the VPN tunnel.

To configure routing profiles, complete the following steps:

1. In the WebUI, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the VPN tab.

   The VPN page is displayed.

6. Click the Routing accordion.
7. Click + in the Routing pane.

   The New Route page with the route parameters is displayed.

8. Update the following parameters:
   1. Destination—Specify the destination network that is reachable through the VPN tunnel. This defines the IP or subnet that must reach through the IPsec tunnel. Traffic to the IP or subnet defined here will be forwarded through the IPsec tunnel.
   2. Netmask—Specify the subnet mask to the destination defined for Destination.
   3. Gateway—Specify the gateway to which traffic must be routed. In this field, enter one of the following based on the requirement:
      • The controller IP address on which the VPN connection will be terminated. If you have a primary and backup host, configure two routes with the same destination and netmask, but ensure that the gateway is the primary controller IP for one route and the backup controller IP for the second route.
      • The "tunnel" string if you are using the IAP in Local mode during local DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  configuration.
   4. Metric—Specify the best optimal path for routing traffic. A value of 1 indicates the best path, 15 indicates the worst path, and 16 indicates that the destination is unreachable on the route.
9. Click OK.
10. Click Save Settings.