Greetings,
I'm trying to set up a RAP with split-tunnel behind a DSL router (branch), but it seems it can't establish IPsec with my controller at HO, though it gets an IP from my VPN pool. Here are the details from Local Events.
--
2017-03-11 11:45:03 User 192.168.29.198 with MAC address 00:00:00:00:00:00 and name a8:bd:27:c8:ba:b4 was authenticated with authentication mechanism 3 and the role assigned was sys-ap-role
2017-03-11 11:48:29 User 192.168.29.199 with MAC address 00:00:00:00:00:00 and name a8:bd:27:c8:ba:b4 was authenticated with authentication mechanism 3 and the role assigned was sys-ap-role
2017-03-11 11:52:26 User 192.168.29.200 with MAC address 00:00:00:00:00:00 and name a8:bd:27:c8:ba:b4 was authenticated with authentication mechanism 3 and the role assigned was sys-ap-role
So here's the setup:
HO
1. FW - SonicWall
UDP 4500, 500, 65 - OPEN
2. Controller - Aruba 650, 6.4.2.2
- 222.x.x.x as public IP; port forwarded by FW.
From the controller, I configured a VPN pool of 192.168.29.X.
The AP was enrolled first as a CAP within HO, then converted to a RAP through certificate only. CPsec was on and it automatically whitelisted the AP. 222.x.x.x was the master IP and TFTP.
The setup once worked without the FW in a simulated environment, but I'm having issues in production.
In Local Events, the RAP sometimes goes up but goes down afterwards.
Any recommendation will be greatly appreciated :)