This is a short design and configuration guide (31 pages) to setup IPSEC VPN between Aruba Instant APs (IAP) and Aruba VPN concentrator (VPNC). The main aim here is to show case two of the most common forwarding modes namely Centralised L2 and Distributed L3.
We’ll use an SSID in Centralised L2 mode while using an E1 port of an IAP in Distributed L3 mode.
The document also demonstrate other feature with Aruba Instant 8.4.x that provides pre-emption enhancement for IAP-VPN. With this feature IAPs can detect the reachability of a primary VPN over the Ethernet uplink without bringing the 3G/4G link down. Here we’ll use two failover IP addresses one for each of the uplinks. (Ethernet and 3G/4G).
You should note that IAP-VPN are completely supported on Aruba SD-Branch solution. So you could have micro branches that require just an IAP or small branches that require a few IAPs but still smaller that branches that require a branch gateways, to create VPN tunnels to the same VPNCs which are used for the Branch Gateways. This becomes a very cost effective solution.
Solutions Tech Lab 
Leave a comment