CALEA Server Integration
To support CALEA integration and ensure LI compliance, you can configure the IAPs to replicate a specific or
selected client traffic and send it to a remote CALEA server.
Traffic Flow from IAP to CALEA Server
You can configure an IAP to send GRE-encapsulated packets to the CALEA server and replicate client traffic
within the GRE tunnel. Each IAP sends GRE encapsulated packets only for its associated or connected clients.
The following figure illustrates the traffic flow from the IAP to the CALEA server.
Figure 80
IAP to CALEA Server
Traffic Flow from IAP to CALEA Server through VPN
You can also deploy the CALEA server with the controller and configure an additional IPsec tunnel for corporate
access. When CALEA server is configured with the controller, the client traffic is replicated by the slave IAP and
client data is encapsulated by GRE on slave, and routed to the master IAP. The master IAP sends the IPsec client
traffic to the controller. The controller handles the IPsec client traffic while GRE data is routed to the CALEA
server. The following figure illustrates the traffic flow from IAP to the CALEA server through VPN.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Services |
300