Hi all,
In my test lab I'm simulating a remote network that I have with a branch, where they will directly buy some AP205s.
So I set up a network: AP205 -- Firewall -- IPSEC Tunnel -- Firewall -- Aruba7030
I set DHCP options 43 and 60 to point to my controller via IP.
The AP starts with factory firmware ArubaOS Version 6.4.1.0, and the first time I see it on my controller (default group - see attachment) it automatically starts to upgrade to 6.4.3.2.
During the upgrade the session table is:
show datapath session table 10.168.2.201
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
r - Route Nexthop
A - Application Firewall Inspect
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
10.5.0.100 10.168.2.201 6 21 58714 0/0 0 0 2 0/0/0 22 14 976 I
10.168.2.201 10.5.0.100 6 49483 1053 1/4098 0 0 0 0/0/0 20 894 35780 CU
10.5.0.100 10.168.2.201 6 1053 49483 0/0 0 0 0 0/0/0 20 1732 2458064
10.168.2.201 10.5.0.100 6 58714 21 1/4098 0 0 2 0/0/0 22 17 824 CUI
and the tunnel table is (MTU 1200):
show datapath tunnel table | include 10.168.2.201
96 10.5.0.100 10.168.2.201 47 9000 1200 0 0 0 0 0 04:BD:88:C1:CC:B8 0 0 0 TES
The AP reboots itself into the new firmware and I lose it.
The session table reports a connection to the AP and I receive the boot log:
#show datapath session table 10.168.2.201
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
r - Route Nexthop
A - Application Firewall Inspect
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
10.168.2.201 10.5.0.100 17 60799 514 1/4099 0 0 1 0/0/0 e 1 100 FC
10.5.0.100 10.168.2.201 17 514 60799 0/0 0 0 1 0/0/0 e 0 0 FY
Jul 3 12:30:18 :311002: <WARN> |AP 04:bd:88:c1:cc:b8@10.168.2.201 sapd| Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
Jul 3 12:30:19 :303086: <ERRS> |AP 04:bd:88:c1:cc:b8@10.168.2.201 nanny| Process Manager (nanny) shutting down - AP will reboot!
Jul 3 12:31:55 :303022: <WARN> |AP 04:bd:88:c1:cc:b8@10.168.2.201 nanny| Reboot Reason: AP rebooted Fri Jul 3 12:30:19 CEST 2015; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
I just tried, as I found in some topics, to adjust the MTU to 1200 or 1400 with no luck (the VPN tunnel is set to 1424, but I tried setting it to 1500 or 1200 with no luck).
Other ideas?
Thanks
Riccardo