Aruba Instant & Cloud Wi-Fi

Occasional Contributor I
Posts: 7
Registered: ‎12-17-2013

Problems with RAP

Hi, I have an Aruba controller set up and I am trying to provision my first RAP. I have done this at other customers' Aruba controllers.

But on mine I get the following in the log. Does anyone have any clue what is going on?

CERT_ComputeCertificateHash: status :0
CERT_VerifyCertificatePolicies: CN is BG0025375::00:0b:86:6e:65:58
ismacaddress string 00:0b:86:6e:65:58  len:17
CERT_verifyRSACertSignature: decryptRSASignature failed
ike2_state.c (5572): errorCode = ERR_RSA_DECRYPTION
IKE SA failed reason = ERR_RSA_DECRYPTION, errorcode = -7702
send_sapd_error: error:50 debug_error:0

IKE_SA [v2 I] (id=0xa6cd73ac) flags 0x41000015 failed reason = ERR_RSA_DECRYPTION, errorcode = -7702

Switching output streamget_ike_version: Use IKE Version 2

papi_init papifd:12  ack:24

Regards

Peter Andersén
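
The log excerpt in the post above, run through a small triage parser (an added example, not part of the original thread and not Aruba code). It ties the failing certificate check to the certificate CN and the IKE error code so repeated failures can be grouped per RAP; the regular expressions and the `triage` function are assumptions built only from the line shapes visible in that excerpt.

```python
import re

# Log lines copied from the original post in this thread.
SAMPLE_LOG = """\
CERT_ComputeCertificateHash: status :0
CERT_VerifyCertificatePolicies: CN is BG0025375::00:0b:86:6e:65:58
ismacaddress string 00:0b:86:6e:65:58  len:17
CERT_verifyRSACertSignature: decryptRSASignature failed
ike2_state.c (5572): errorCode = ERR_RSA_DECRYPTION
IKE SA failed reason = ERR_RSA_DECRYPTION, errorcode = -7702
send_sapd_error: error:50 debug_error:0
IKE_SA [v2 I] (id=0xa6cd73ac) flags 0x41000015 failed reason = ERR_RSA_DECRYPTION, errorcode = -7702
"""

# Assumed patterns, derived from the excerpt above rather than from a documented format.
CN_RE = re.compile(
    r"CERT_VerifyCertificatePolicies: CN is (?P<serial>[^:\s]+)::"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
STAGE_RE = re.compile(r"^(?P<func>CERT_\w+): .*failed")
FAIL_RE = re.compile(
    r"^IKE[ _]SA\b(?:.*\(id=(?P<sa_id>0x[0-9a-f]+)\))?"
    r".*failed reason = (?P<reason>\w+), errorcode = (?P<code>-?\d+)", re.I)

def triage(log_text):
    """Return one record per failed IKE negotiation, tied to the peer certificate CN."""
    records, peer, stage = [], None, None
    for line in map(str.strip, log_text.splitlines()):
        if m := CN_RE.search(line):
            peer, stage = m.groupdict(), None   # a new certificate is being validated
        elif m := STAGE_RE.match(line):
            stage = m["func"]                   # the certificate check that rejected it
        elif m := FAIL_RE.search(line):
            repeat = records and peer is None and records[-1]["reason"] == m["reason"]
            if repeat:                          # second report of the same failure
                records[-1]["sa_id"] = m["sa_id"] or records[-1]["sa_id"]
                continue
            records.append({
                "serial": peer and peer["serial"],
                "mac": peer and peer["mac"].lower(),
                "stage": stage, "reason": m["reason"],
                "code": int(m["code"]), "sa_id": m["sa_id"]})
            peer = stage = None
    return records

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```
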

 

MVP
Posts: 4,170
Registered: ‎07-20-2011

Re: Problems with RAP

 

A couple of questions:

- What type of RAP are you using?

- What AOS do you have installed?

- How are you trying to configure it? RAP whitelist or username/password?

- Have you configured the RAP IP pool?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎12-17-2013

Re: Problems with RAP

I'm running version 6.2.1.3.

The RAP is in the whitelist.

Yes, I have an IP pool set up for the RAP.

 

MVP
Posts: 1,408
Registered: ‎10-25-2011

Re: Problems with RAP

Are the necessary ports open to allow IPSEC traffic through? UDP 4500?

The controller has a license I assume since you say the RAP is in the whitelist.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Occasional Contributor I
Posts: 7
Registered: ‎12-17-2013

Re: Problems with RAP

Hi

Yes, it has all ports open and I have 16 AP licenses and am only using two.

I have 16 PEFNG licenses and also 16 RF Protect, so it is fully licensed.

I think there is a problem between the 6.2.1.3 code on the controller.

I have done a similar installation at a customer; they are running 6.1.4 and it worked like a charm.

So I think this has to do with my version and the 5 version that the RAP gets shipped with?

Or do you have any other ideas?

 

regards

Peter

 

Guru Elite
Posts: 20,561
Registered: ‎03-29-2007

Re: Problems with RAP


What model of remote access points?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎12-17-2013

Re: Problems with RAP

Hi

RAP-2 is the model I have tested, but I did an earlier test with RAP-3 before I did a factory reset and did a setup from scratch.

Since I thought I got some strange config in the controller that I could not find.

So I did a straight setup, the same as I have at one of my customers that works, but they are running 6.1.4.

 

Regards

Peter

Guru Elite
Posts: 20,561
Registered: ‎03-29-2007

Re: Problems with RAP

Okay. The RAP3 requires 6.2.x and above, otherwise it will not work.

The question is, did RAP ever work with this particular setup or is this one new?

Did you do "show datapath session table | include 4500" to see the traffic when the RAP is trying to set up?

Did you do "show crypto ipsec sa" to see if the security association has been set up?

Is this RAP on the public internet? If so, is there a firewall in front of it doing a 1:1 NAT or does the controller have a public address?

Have you tried to terminate a RAP using the internal IP address of the controller, with a RAP internally?

The error messages in your post do not point to anything specific.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 7
Registered: ‎12-17-2013

Re: Problems with RAP

Hi

I tried to do an inner termination and experienced the same problem, SA error.

So that's why I think there are some compatibility issues with the 6.2.1.3 release with the RAP.

Yes, NAT is set up. This is where I changed my conf; before, I had a public IP on the Aruba mobility controller and got the same error.

 

regards

Peter

Guru Elite
Posts: 20,561
Registered: ‎03-29-2007

Re: Problems with RAP



We have controllers that work with that release with RAPs terminating, so it could be specific to your setup.  You probably want to open up a TAC case so that they can take a detailed look at your security logs and your configuration in parallel.



Colin Joseph
Aruba Customer Engineering
