09-11-2012 09:10 AM
The setup is master-standby, they share a vrrp-address. There are about 4 local controllers. No PEF or PEFNG license.
we have a RAP-2WG connecting from the internet via a checkpoint firewall.
The RAP comes up fine, if the RAP is in the internal network, in the same vlan as the controllers are in..
When its on the internet, the IPSEC SA is formed, ISAKMP SA is also getting formed. We see the RAP up on the controller for about 1:30 minutes & goes down forever.
Is it mandatory to have a PEFNG license in order to bring up an RAP-2WG?
09-12-2012 04:35 AM
Hopefully, you don't have the static NAT pointing to the VRRP address, because having a NAT pointint to a VRRP does not work with firewalls.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs