ArubaOS and Controllers

Reply
Contributor I
Posts: 32
Registered: ‎12-09-2011

Unable to Provision RAP3 for remote workers

Hi, 

 

upgraded all my controllers to 6.2.1.3 in order to get some RAP3s we bought working.

 

All whitelisted etc, followed the convert instructions but just get a VPN failed message. I've attached the log...RAP2s work fine.

 

Any advice greatly appreciated!

 

Thanks

Dave

MVP
Posts: 4,020
Registered: ‎07-20-2011

Re: Unable to Provision RAP3 for remote workers

 

How are you trying to convert the IAP-RAP3? 

 

What are you seeing on the controller side ?

 

show datapath session table <rap3 ip address> | include 4500 

show crypto ipsec sa | include <rap3 ip address>

show crypto isakmp sa | include <rap3 ip address>

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 32
Registered: ‎12-09-2011

Re: Unable to Provision RAP3 for remote workers

I've joined "instant", logged into the console and then gone to maintenance, convert and entered the public IP of the controller.

 

Not seeing anything at all on the controller.

MVP
Posts: 4,020
Registered: ‎07-20-2011

Re: Unable to Provision RAP3 for remote workers

 

if you are not seeing anything reaching the controller at all then there might have something preventing at the remote location preventing this ?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: Unable to Provision RAP3 for remote workers

did you opened port 69 udp for the image upgrade? and also port 4500 udp to form the VPN connection on your firewall?

 

You need to open both ports in your edge firewall that is connected on the central site to the internet.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Contributor I
Posts: 32
Registered: ‎12-09-2011

Re: Unable to Provision RAP3 for remote workers

Hi,

 

4500 UDP is open as the RAp2s already use this but that is all that is open.

 

I'll open the other port and give it a go.

 

Thanks

Dave

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: Unable to Provision RAP3 for remote workers

You need to open it otherwise it wont upgrade the firmware it needs(one is the firmwre for the instants and when you converting it, you need to upgrade the firmware to the one that it use as  a RAP... i bealive that should be the issue...

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 20,012
Registered: ‎03-29-2007

Re: Unable to Provision RAP3 for remote workers


dnulty wrote:

Hi, 

 

upgraded all my controllers to 6.2.1.3 in order to get some RAP3s we bought working.

 

All whitelisted etc, followed the convert instructions but just get a VPN failed message. I've attached the log...RAP2s work fine.

 

Any advice greatly appreciated!

 

Thanks

Dave


dnulty,

 

Please do the following debug on the controller:

 

config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn
 
Then after you try attaching the RAP3, type "show log security 100" to see what the controller thinks is the problem.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Unable to Provision RAP3 for remote workers

What does your VPN pool look like?  Are you out of addresses?  Can you try creating a second pool?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Contributor I
Posts: 32
Registered: ‎12-09-2011

Re: Unable to Provision RAP3 for remote workers

Hi everyone,

 

thanks for all your help and suggestions.

 

I believe the problem is related to our firewall, what ports should be open inbound and outbound?

 

Thanks

Dave

Search Airheads
Showing results for 
Search instead for 
Did you mean: