Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 4
Registered: ‎06-19-2013

Convert IAP to a RAP using public IP but comes with VPN errors.

[ Edited ]

Hi guys.

 

I am trying to convert an IAP to a RAP with public IP but I got error with VPN setup fails.

I checked the other side and the UDP port is open on Firewall and permit on the Controller.

 

Any ideas what is going wrong?

 

PS. I have attached a file with the log error.

 

Cheers

 

Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

lalves,

 

Did you try to convert any other IAPs?  If it is not working, frequently you have to look on BOTH sides, not just one side to determine what is wrong.  If you can convert any others, then the problem is specifically with this one.  If you cannot convert any others, we have to look at the controller.  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 288
Registered: ‎08-27-2012

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

Have you configured the VPN service and IP pool on the controller?
ACDX #419 | ACMP |
New Contributor
Posts: 4
Registered: ‎06-19-2013

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

Hi cjoseph.

 

Thanks for your reply.

 

Yes we have tried other one. It seems that the client firewall is the issue. The UDP 4500 port is not properly open on firewall. I will post more after I find more about.

 

cheers

 

Luiz Alves

New Contributor
Posts: 4
Registered: ‎06-19-2013

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

Hi tsd25108.

 

Yes the pool is configure with no routeble IPs. It seems something one clients firewall or router.

 

Cheers

New Contributor
Posts: 4
Registered: ‎06-19-2013

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

One thing I found is that, scanning the UDP port with nmap, shows state port as Open-Filtered. Not sure if it is could be the problem too.

 

:smileyfrustrated:

Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

NMAP is not super-reliable at detecting Open UDP ports.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 1
Registered: ‎02-13-2014

Re: Convert IAP to a RAP using public IP but comes with VPN errors.

[ Edited ]

Any updates on what caused/how to fix?

 

I think I've got the same problem.

Updated our controller from 6.3.1.7 to 6.3.1.9 earlier in the week then all the RAPs started failing to connect.

I've reset my RAP and tried to connect again and get the same logs that you got.

 

Tried rolling back to 6.3.1.7 and the saved config from Monday.

Hasn't resoleved, so rebooted back to 6.3.1.9

 

#OK, solved my problem.

Someone had done a repair from Airwave, and it looks like it removed the static default route from the controller.

If yours is the same... I did show datapath session | include 4500
I could see all the external RAP IPs, but was getting status of FY (Fast age, no syn)

Did a show crypto ipsec sa

And only showed the master and local connections.

Checked the show ip route and found the master had the static route from the local rather than its own one.

 

Then made sure I had smaller routes for 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for the internal gateway

And then changed the static to match the currect gateway for the IP the RAPs connect to.

 

Big thanks to James @ Aruba in Wellington NZ for pointing me in the right direction

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: