Hi,
- I've created a routed VPN Pool for the IAPs
-> AMP is pingable from the IAP!
Do you have the AMP IAP whitelist enabled in AirWave?
-> I've enabled the OU Group in AMP-Setup-> Roles.
Make sure your IAP Pool is a routable network in your infrastructure
Can you see the IAP on the controller "show IAP table"?
Yes it is -> AMP pingable from AP on DSL
Do you have the MAC address of the IAP in the RAP whitelist?
Of course, Tunnel is up
Here is some more output:
ac:a3:1e:xx:xx:xx# sh vpn status
profile name:default
--------------------------------------------------
current using tunnel :primary tunnel
current tunnel using time :25 seconds
ipsec is preempt status :disable
ipsec is fast failover status :disable
ipsec hold on period :600s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6
ipsec primary tunnel crypto type :Cert
ipsec primary tunnel peer address :212.x.x.x
ipsec primary tunnel peer tunnel ip :10.x.x.x
ipsec primary tunnel ap tunnel ip :10.x.x.251
ipsec primary tunnel using interface :tun0
ipsec primary tunnel using MTU :1230
ipsec primary tunnel current sm status :Up
ipsec primary tunnel tunnel status :Up
ipsec primary tunnel tunnel retry times :2
ipsec primary tunnel tunnel uptime :25 seconds
ipsec backup tunnel crypto type :Cert
ipsec backup tunnel peer address :N/A
ipsec backup tunnel peer tunnel ip :N/A
ipsec backup tunnel ap tunnel ip :N/A
ipsec backup tunnel using interface :N/A
ipsec backup tunnel using MTU :N/A
ipsec backup tunnel current sm status :Init
ipsec backup tunnel tunnel status :Down
ipsec backup tunnel tunnel retry times :0
ipsec backup tunnel tunnel uptime :0
A short time later:
ipsec primary tunnel peer address :212.x.x.x
ipsec primary tunnel peer tunnel ip :0.0.0.0
ipsec primary tunnel ap tunnel ip :0.0.0.0
ipsec primary tunnel current sm status :Retrying
A short time later:
ipsec primary tunnel crypto type :Cert
ipsec primary tunnel peer address :212.x.x.x
ipsec primary tunnel peer tunnel ip :10.x.x.x
ipsec primary tunnel ap tunnel ip :10.x.x.253
ipsec primary tunnel using interface :tun0
A short time later:
ipsec primary tunnel peer address :212.x.x.x
ipsec primary tunnel peer tunnel ip :0.0.0.0
ipsec primary tunnel ap tunnel ip :0.0.0.0
ipsec primary tunnel current sm status :Retrying
ipsec primary tunnel crypto type :Cert
ipsec primary tunnel peer address :212.x.x.x
ipsec primary tunnel peer tunnel ip :10.x.x.x
ipsec primary tunnel ap tunnel ip :10.x.x.254
ipsec primary tunnel using interface :tun0
If I ping the AMP, the VPN stays online.
ipsec primary tunnel tunnel uptime :1 minute 21 seconds
In idle time it will continue to reset the tunnel.
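
Added example, not part of the original post: a small Python script that parses successive `sh vpn status` snapshots in the format shown above and reports each tunnel drop and each change of the AP's inner tunnel IP, which makes the flapping pattern visible in collected output. The snapshots are constructed from the masked values in the post, and the function names `parse_status` and `detect_flaps` are hypothetical.

```python
# Added example: flags tunnel drops and inner-IP changes across "sh vpn status" snapshots.
PREFIX = "ipsec primary tunnel "

# Constructed sample: five abbreviated snapshots using the masked values from the post.
SNAPSHOTS = [
    "ipsec primary tunnel ap tunnel ip :10.x.x.251\nipsec primary tunnel current sm status :Up",
    "ipsec primary tunnel ap tunnel ip :0.0.0.0\nipsec primary tunnel current sm status :Retrying",
    "ipsec primary tunnel ap tunnel ip :10.x.x.253\nipsec primary tunnel using interface :tun0",
    "ipsec primary tunnel ap tunnel ip :0.0.0.0\nipsec primary tunnel current sm status :Retrying",
    "ipsec primary tunnel ap tunnel ip :10.x.x.254\nipsec primary tunnel using interface :tun0",
]


def parse_status(text):
    """Turn 'key :value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def detect_flaps(snapshots):
    """Return (snapshot_index, event, detail) tuples for drops and inner-IP changes."""
    events, last_ip, was_up = [], None, False
    for i, text in enumerate(snapshots):
        fields = parse_status(text)
        ip = fields.get(PREFIX + "ap tunnel ip")
        state = fields.get(PREFIX + "current sm status")
        # Up = a real inner IP is assigned and the state, if shown, is "Up".
        up = ip not in (None, "0.0.0.0", "N/A") and state in (None, "Up")
        if was_up and not up:
            events.append((i, "tunnel dropped", state or "unknown"))
        if up and last_ip and ip != last_ip:
            events.append((i, "inner IP changed", f"{last_ip} -> {ip}"))
        if up:
            last_ip = ip
        was_up = up
    return events


if __name__ == "__main__":
    for index, event, detail in detect_flaps(SNAPSHOTS):
        print(f"snapshot {index}: {event} ({detail})")
```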