Aruba Instant & Cloud Wi-Fi

Occasional Contributor I
Posts: 5
Registered: ‎12-16-2014

Aruba RAP-3 and Cisco Firewall

I have an Aruba RAP-3 that needs to communicate with the main site where the controller is. The traffic of the RAP-3 needs to first go out through a Cisco firewall where the RAP-3 is. There is an access list on the INSIDE interface of the firewall that allows all TCP and UDP ports, and IPSec ports, to be open for the RAP-3 so it can go out the firewall and talk to the controller. The RAP-3 is also NATted with an external IP. However, the RAP-3 cannot communicate with the controller. From the controller I can ping and traceroute to the RAP-3, but I don't understand why the RAP-3 and the controller cannot communicate with each other via IPSec.

Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

Re: Aruba RAP-3 and Cisco Firewall

Diagram, please.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎12-16-2014

Re: Aruba RAP-3 and Cisco Firewall

ARUBA 2.jpg

Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

Re: Aruba RAP-3 and Cisco Firewall

jdeleon71,

Does the Aruba controller have a NATted public IP address on your firewall? Are you allowing UDP 4500 traffic inbound from any IP address to that NATted public IP address on your firewall? If your answer to both questions is yes, it should work fine.

Have you seen the Remote AP (RAP) VRD here: http://www.arubanetworks.com/wp-content/uploads/RAPVRD_version_8.pdf ?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 5
Registered: ‎12-16-2014

Re: Aruba RAP-3 and Cisco Firewall

The Aruba controller's public IP would be the 10.1.1.71 as indicated on the diagram, and yes, I am allowing UDP 4500 traffic inbound from any IP address to the NATted IP address.

Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

Re: Aruba RAP-3 and Cisco Firewall

Do you see "hits" on the firewall from the RAP's IP address?

Did you provision the access point as a remote AP pointing to the address?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 5
Registered: ‎12-16-2014

Re: Aruba RAP-3 and Cisco Firewall

I did provision the access point. I do not see any hits on the firewall. I did a packet capture and I see the packet going out the firewall, but I do not see anything coming back from the controller on the outside. Do I need to do anything on the controller's firewall?

MVP
Posts: 1,405
Registered: ‎10-25-2011

Re: Aruba RAP-3 and Cisco Firewall

Is it in the controller's whitelist?
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
MVP
Posts: 4,124
Registered: ‎07-20-2011

Re: Aruba RAP-3 and Cisco Firewall

Do the following:

- Make sure you have AOS 6.2 and up

- From the Remote Location can you ping the Public IP address

- Make sure you add VPN Pool to provide an Internal IP address 

- Add the MAC address of the RAP to the RAP Whitelist

- In the AP-Group add the PUBLIC IP Address to the provision > Master IP

2014-12-17 14_04_05-AP Group.png

- Factory Reset the RAP

- Connect the Instant SSID and open a browser to reach instant.arubanetworks.com, log in using admin/admin

- From the Maintenance Tab 

2014-12-17 14_07_58-Instant.png

- Finally Click on Convert NOW

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 5
Registered: ‎12-16-2014

Re: Aruba RAP-3 and Cisco Firewall

Yes.
