
IAP-VPN and vpnpsk

I am trying to use IAP and IAP-VPN with PSK mode

vpn ikepsk sharedkey username myuser password mypassword

But the tunnel doesn't work (after 60 sec -> retrying)

 

show vpn status


profile name:default
--------------------------------------------------
current using tunnel                            :primary tunnel
current tunnel using time                       :5 seconds 
ipsec is preempt status                         :disable
ipsec is fast failover status                   :disable
ipsec hold on period                            :600s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6

ipsec     primary tunnel crypto type            :PSK
ipsec     primary tunnel peer address           :10.44.XX.XX
ipsec     primary tunnel peer tunnel ip         :1.1.1.127
ipsec     primary tunnel ap tunnel ip           :192.168.253.71
ipsec     primary tunnel using interface        :tun0
ipsec     primary tunnel using MTU              :1230
ipsec     primary tunnel current sm status      :Up
ipsec     primary tunnel tunnel status          :Up
ipsec     primary tunnel tunnel retry times     :2
ipsec     primary tunnel tunnel uptime          :5 seconds 

With cert mode, it works.

The peer IP is very strange (I get the peer tunnel address with cert mode)

 

Any idea?

ACMP 6.4 / ACMX #107

Re: IAP-VPN and vpnpsk

The controller log:

Jun 29 19:41:19  authmgr[2218]: <522005> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.253.65 User entry deleted: reason=idle timeout
Jun 29 19:41:19  authmgr[2218]: <522013> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.253.65 IP DN: outerIP=10.44.Y.Y tunnels=9
Jun 29 19:41:19  isakmpd[2080]: <103056> <INFO> |ike|  IKE XAuth client down IP:192.168.253.65 External 10.44.Y.Y
Jun 29 19:41:39  authmgr[2218]: <124003> <INFO> |authmgr|  Authentication result=Authentication Successful(0), method=VPN, server=Internal, user=10.44.Y.Y 
Jun 29 19:41:39  authmgr[2218]: <124038> <INFO> |authmgr|  Reused server Internal for method=VPN; user=mysuser,  essid=<>, domain=<>, server-group=default
Jun 29 19:41:39  authmgr[2218]: <522006> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.253.74 User entry added: reason=VPN
Jun 29 19:41:39  authmgr[2218]: <522008> <NOTI> |authmgr|  User Authentication Successful: username=mysuser MAC=00:00:00:00:00:00 IP=192.168.253.74 role=guest VLAN=0 AP=N/A SSID=N/A AAA profile=default auth method=VPN auth server=Internal
Jun 29 19:41:39  authmgr[2218]: <522012> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=192.168.253.74 IP UP: outerIP=10.44.Y.Y tunnels=9
Jun 29 19:41:39  authmgr[2218]: <522017> <INFO> |authmgr|  MAC=00:00:00:00:00:00 IP=?? Derived role 'guest' from server rules: server-group=default, authentication=VPN
Jun 29 19:41:39  authmgr[2218]: <522038> <INFO> |authmgr|  username=mysuser MAC=00:00:00:00:00:00 IP=10.44.Y.Y Authentication result=Authentication Successful method=VPN server=Internal
Jun 29 19:41:39  authmgr[2218]: <522049> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=0.0.0.0 User role updated, existing Role=none/none, new Role=logon/none, reason=IP user created
Jun 29 19:41:39  authmgr[2218]: <522049> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.253.74 User role updated, existing Role=logon/none, new Role=logon/guest, reason=User authenticated with auth type:VPN client role derivation:0
Jun 29 19:41:39  authmgr[2218]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=10.44.Y.Y User data downloaded to datapath, new Role=logon/2, bw Contract=0/0, reason=IP up for non VPN transport for external user, idle-timeout=300
Jun 29 19:41:39  authmgr[2218]: <522050> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=192.168.253.74 User data downloaded to datapath, new Role=guest/4, bw Contract=0/0, reason= IP up for non VPN transport, idle-timeout=300
Jun 29 19:41:39  isakmpd[2080]: <103015> <INFO> |ike|  IKE Main Mode Phase 1 succeeded for peer 10.44.Y.Y
Jun 29 19:41:39  isakmpd[2080]: <103022> <INFO> |ike|  IKE Quick Mode succeeded for peer 10.44.Y.Y
Jun 29 19:41:39  isakmpd[2080]: <103033> <INFO> |ike|  IKE Quick Mode succeeded internal 192.168.253.74, external 10.44.Y.Y
Jun 29 19:41:39  isakmpd[2080]: <103047> <INFO> |ike|  IKE XAuth succeeded for 192.168.253.74 (External 10.44.Y.Y) for guest
Jun 29 19:41:39  localdb[2253]: <133004> <INFO> |localdb|  Received Authentication Request for User mysuser
Jun 29 19:41:39  localdb[2253]: <133005> <INFO> |localdb|  User mysuser guest Successfully Authenticated
ACMP 6.4 / ACMX #107
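
Added example, not part of the thread and not vendor code: a Python parser that pairs `IKE XAuth succeeded` and `IKE XAuth client down` lines in the isakmpd format shown in the controller log above, to measure how long each tunnel stayed up per external peer and flag peers that keep re-establishing. The sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the isakmpd lines above (addresses are placeholders).
SAMPLE_LOG = """\
Jun 29 19:40:19  isakmpd[2080]: <103047> <INFO> |ike|  IKE XAuth succeeded for 192.168.253.65 (External 10.44.0.10) for guest
Jun 29 19:41:19  isakmpd[2080]: <103056> <INFO> |ike|  IKE XAuth client down IP:192.168.253.65 External 10.44.0.10
Jun 29 19:41:39  isakmpd[2080]: <103047> <INFO> |ike|  IKE XAuth succeeded for 192.168.253.74 (External 10.44.0.10) for guest
Jun 29 19:42:39  isakmpd[2080]: <103056> <INFO> |ike|  IKE XAuth client down IP:192.168.253.74 External 10.44.0.10
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+isakmpd\[\d+\]:\s+<\d+>\s+<\w+>\s+\|ike\|\s+(.*)$")
UP = re.compile(r"IKE XAuth succeeded for (\S+) \(External (\S+)\)")
DOWN = re.compile(r"IKE XAuth client down IP:(\S+) External (\S+)")


def tunnel_sessions(log_text, year=2000):
    """Pair each XAuth success with the next client-down for the same outer/inner IP."""
    open_sessions = {}  # (outer, inner) -> time the tunnel came up
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines from authmgr, localdb, etc. are ignored
        # Syslog timestamps carry no year; 'year' is an assumption supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        up, down = UP.search(m.group(2)), DOWN.search(m.group(2))
        if up:
            open_sessions[(up.group(2), up.group(1))] = ts
        elif down:
            key = (down.group(2), down.group(1))
            start = open_sessions.pop(key, None)
            if start is not None:  # a down without a logged up is skipped
                sessions.append({"outer": key[0], "inner": key[1],
                                 "seconds": int((ts - start).total_seconds())})
    return sessions


def flapping_peers(sessions, max_lifetime=120, min_count=2):
    """Outer IPs with at least min_count tunnels that lived max_lifetime seconds or less."""
    counts = {}
    for s in sessions:
        if s["seconds"] <= max_lifetime:
            counts[s["outer"]] = counts.get(s["outer"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= min_count)


if __name__ == "__main__":
    found = tunnel_sessions(SAMPLE_LOG)
    for s in found:
        print(s)
    print("flapping peers:", flapping_peers(found))
```
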