ArubaOS and Controllers

Contributor I
Posts: 21
Registered: ‎10-27-2009

Master-Local ipsec tunnels break

Upgraded to 6.1.2.2 this summer from 3.4.2.x (via 3.4.4.3). Since then we have intermittent problems with communication between the master and locals. If I try to ping the master it fails; however, I can ping any address outside of the tunnel. I have verified that the keys are correct. If I issue this command

clear crypto ipsec sa peer ip.add.re.ss

I can ping the master for a short time (maybe ten to twenty seconds), then it just fails again. Rinse and repeat with the same results. Over the last weekend I upgraded to 6.1.2.3 to see if that would help; however, it hasn't.

The network between the controllers is our local Public Utilities District with a 1gb fiber link.

I have four sites with three that are exhibiting this behavior. All four sites are almost identical when comparing the network structure. I can't figure out why one doesn't drop and the other three do.

Anyone with any ideas?
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Master-Local ipsec tunnels break

Are you saying that you are trying to ping the master from the locals, or from a regular PC?
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 21
Registered: ‎10-27-2009

Re: Master-Local ipsec tunnels break

From what I understand, the master and local controller establish an IPsec tunnel with each other. If you try to ping each other, it will try to route the ping through the tunnel rather than following the default gateway. I have confirmed this with both TAC and my local reps. So from the local controller's SSH prompt, if I ping the master it should ping successfully if the tunnel is functioning. If the tunnel is broken the pings will fail. This is what is happening to me. However, not all of the time; they go up and down. Sometimes I can ping, sometimes I can't. It's very weird.
Aruba Employee
Posts: 119
Registered: ‎05-16-2007

Re: Master-Local ipsec tunnels break

Hey Bob, I'd like to make sure TAC re-engages on this. As you know, I updated the case notes, and they called me that day--but I want to make sure they are looking at this again especially since the 6.1.2.3 upgrade....

Colin, yeah..it's strange. Pinging is just the test to see if the IPSEC is working or not. You see the controllers intermittently show as down in the master, but they are really up...it's just spotty.

I haven't seen this in any other locations before though, and as Robert noted, it's only 3 of his 4 locations....
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Master-Local ipsec tunnels break

Okay, but does the same thing happen when you try to ping from a third station?
Colin Joseph
Aruba Customer Engineering
