08-17-2009 02:13 PM
I'm trying to run AP125's behind a Juniper SSG5 in RemoteAP mode.
The APs come up, seem to connect to the controller in our datacentre, but are not provisionable.
The AP will show up in the list of provisionable APs, but when you try to provision them, it fails with any number of errors (or silently).
My hunch is the Juniper SSG5 is interfering with the GRE tunnel between the AP and controller, but i'm having a bit of trouble tracking this down. The PPTP/GRE alg is enabled on the router.
Has anyone come across this before? And what was your solution?
08-17-2009 02:18 PM
If you're trying to initially provision them, then yes, they will use GRE for SSID tunnels....however, provisioning and mgmt is done via PAPI which is UDP 8211. You might check the Juniper to see if 8211 is being dropped.
If these are already provisioned as RemoteAPs and thus using IPSEC (NAT-T really...UDP 4500), then you might check to see if PAPI UDP 8211 is allowed in the remoteAP role defined on the Aruba controller.
08-17-2009 03:08 PM
Once they connect to the controller, I want to provision them with their IPSec details.
I have allowed everything outbound, so it shouldn't be blocked (firewall sessions should take care of the inbound as well).
What's strange about this, is this behaviour only happens with Juniper. No other router i'm using does this (with similar configurations).
02-01-2010 02:56 PM