IPSec tunnel establishment with our own gateway

  • Question
  • Updated 4 years ago
  • Answered
Our setup looks like this:

UE <------> Aerohive Access Point <---------> OurServer

The IPsec tunnel must be established between the UE and OurServer. (OurServer acts as terminating node of IPsec tunnel)

There are some CLI commands to set the Gateway IP Address, IKE Phase 1/2 parameters, algorithms etc. So in our case, do I need to set OurServer address as Aerohive's Gateway?
Since UE and OurServer have their own IPSec configurations, are there commands applicable to us?

Kaushik Naarumanchi


Posted 4 years ago


Carsten Buchenau, Champ

Sorry, I am not sure if I understand correctly:
"The IPsec tunnel must be established between the UE and OurServer. (OurServer acts as terminating node of IPsec tunnel)"
If you establish a VPN tunnel between the UE and OurServer, the IPsec traffic is transparently passed through by the Aerohive Access Point. Absolutely nothing to configure on the Aerohive AP.

But if you plan to initiate the tunnel from the Aerohive AP, terminated by OurServer, that's a different issue.

Layer 2 VPN tunnel: Supported by any Aerohive AP on the left side, but then it has to be an Aerohive AP or Aerohive CVG (Cloud VPN Gateway) on the right hand side.
Layer 3 VPN tunnel: Left hand side must be an Aerohive BR (Branch Router) or an AP configured as Router (AP3xx). Right hand side must be an Aerohive CVG.

Theoretically the Layer 3 VPN tunnel can be terminated by any 3rd party IPsec VPN product, but this is officially not supported by Aerohive. I personally have no experience with this (I do use the CVG and it works great), but maybe someone else here can comment on this...

Kaushik Naarumanchi

"But if you plan to initiate the tunnel from the Aerohive AP, terminated by OurServer, that's a different issue."
Since we don't wish to initiate the tunnel from the Aerohive AP but instead from the UE to OurServer transparently, I wanted to confirm that these CLI commands are inapplicable to us.

Thanks.

Carsten Buchenau, Champ

That is correct. Don't worry about them, they are for a different scenario.