ArubaOS and Controllers

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2010

How configure default of IP-sec ?

Hi, all.

I had a question about the default configuration of IP-sec and isakmp in AOS3.2.
If the controller has been unable to initiate to the other controller (the responder), how many times will the initiator controller try to initiate to the responder controller?

Actually, the local controller could not have a master/local relationship for 5 days.
This problem was settled by rebooting the local controller.

Please, can anyone advise me!
Guru Elite
Posts: 20,416
Registered: ‎03-29-2007

Re: How configure default of IP-sec ?

What kind of connection is this? Site to Site VPN? Client to controller VPN? Are both controllers on the same subnet?

To troubleshoot this you need to start security debugging so you can see the ISAKMP messages:

config t
logging level security debugging
show log security

Also, do a "show crypto ipsec sa" to see if there is a security association.

Do a "show datapath session table" to see if any UDP 4500 or protocol 50 traffic is flowing between both controllers.

If you have a site to site VPN setup there is a parameter called "Preconnect" which makes that side of the VPN connection ALWAYS initiate the connection. It tries to establish the connection all the time; there is no limit to the retries. If the VPN tunnel is not up you will NOT be able to ping the network on the other side of the connection, because there is a static route that is established when you create a VPN connection and that network can ONLY be reached if the tunnel is up.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 117
Registered: ‎02-26-2010

Re: How configure default of IP-sec ?

On OS 5.x this level doesn't exist

(Aruba620) (config) #logging level ?
alerts Immediate action needed
critical Critical Condition
debugging Debug Messages
emergencies System is unusable
errors Error Conditions in the system
informational Informational Messages
notifications Normal but significant condition
warnings Warning condition

What level do I have to use to debug only IPsec?


---> found, change the syntax

#logging level debugging security
Andrea Consadori
ACMP 5.0 and 6.3


Guru Elite
Posts: 20,416
Registered: ‎03-29-2007

Re: How configure default of IP-sec ?

Sorry,

logging level debug security subcat IKE
logging level debug security subcat vpn
logging level debug security process l2tp
logging level debug security process crypto


Colin Joseph
Aruba Customer Engineering

