Thank you for the wonderful videos on SD-Branch. Hoping for some more to come. Have few questions. 1. Can we configure Branch to Branch tunnel without VPNC, by using Orchestrator or manual to build full mesh topology? 2. Can a box perform the function of BGW and MD(Wireless Controller) at the same time?
1) As of today, we'd have to set up these tunnels manually. Quite frankly, what we see most customers doing is using regional hubs to handle branch to branch connectivity, as it makes the overall deployment a lot simpler. 2) Yes and No. We had to "strip" something out of the controllers to make room for all the new routing, path steering, WAN tunnels, etc. But with AOS10 we'll be able to have the same device receiving LAN tunnels from APs as well as establishing WAN tunnels with the orchestrator. You can learn a lot more about ArubaOS10 in www.arubaatmdigital.com/
@@AirheadsBroadcasting For question 1: Can Branch gateway establish normal IPsec to a central firewall (like CheckPoint) or can they terminate on a normal AOS8 controller (site to site) ?
Threre is somethings thar are a little unclear. 1. System ip, and loopback ip. The difderence, and do they both need to be route able? 2. The gatewaypool, is thar a subnet for local devices within the SD lan, or is it a wan (gateway only ip) for all our remote branches? Hope you could clear that out. I have seen the series several times. Great and really good. Looking forward to see how the local devices, switches and ap connecting to central trough the tunnel.
system-ip (a.k.a.) controller-ip is a very important address and if not configured properly the device will not sync configuration with Central. You can use different sources for this ip address and mostly a gatewaypool is used for BGW's and loopback for VPNC's but it can also be any VLAN IP address. system-ip is used for all communication with Central and also as source IP address for any system originated packets like SNMP, RADIUS etc so it needs to be a routable address.
Any articles or advice you can provide on how to connect a virtual gateway to a branch gateway?
Thank you for the wonderful videos on SD-Branch. Hoping for some more to come.
Have few questions.
1. Can we configure Branch to Branch tunnel without VPNC, by using Orchestrator or manual to build full mesh topology?
2. Can a box perform the function of BGW and MD(Wireless Controller) at the same time?
1) As of today, we'd have to set up these tunnels manually. Quite frankly, what we see most customers doing is using regional hubs to handle branch to branch connectivity, as it makes the overall deployment a lot simpler.
2) Yes and No. We had to "strip" something out of the controllers to make room for all the new routing, path steering, WAN tunnels, etc. But with AOS10 we'll be able to have the same device receiving LAN tunnels from APs as well as establishing WAN tunnels with the orchestrator. You can learn a lot more about ArubaOS10 in www.arubaatmdigital.com/
1. Full mesh is not supported currently
2. WIreless controller functionality and BGW at the same time is not supported currently
@@AirheadsBroadcasting For question 1: Can Branch gateway establish normal IPsec to a central firewall (like CheckPoint) or can they terminate on a normal AOS8 controller (site to site) ?
@@MrGatya2 Yes, you can configure IPsec tunnels to other devices or to an AOS8 controller.
Threre is somethings thar are a little unclear. 1. System ip, and loopback ip. The difderence, and do they both need to be route able? 2. The gatewaypool, is thar a subnet for local devices within the SD lan, or is it a wan (gateway only ip) for all our remote branches? Hope you could clear that out. I have seen the series several times. Great and really good. Looking forward to see how the local devices, switches and ap connecting to central trough the tunnel.
system-ip (a.k.a.) controller-ip is a very important address and if not configured properly the device will not sync configuration with Central. You can use different sources for this ip address and mostly a gatewaypool is used for BGW's and loopback for VPNC's but it can also be any VLAN IP address. system-ip is used for all communication with Central and also as source IP address for any system originated packets like SNMP, RADIUS etc so it needs to be a routable address.