Wireless Access

Reply
Occasional Contributor I

IOS VIA client and IKEv2

Hello,

I am testing the VIA client for the IOS devices , so far I was able to connect using the IKEv1 , however when I am trying to use the IKEv2 it does not work , debug logs below (truncated )

 

 

<INFO> |ike| IKEv2 EAP-Authentication succeeded for 192.168.20.12 (External 70.212.132.60)
<DBUG> |ike| authR_out
<DBUG> |ike| <-- R#SEND 80 bytes to 70.212.132.60(2585) (141462.633)
<DBUG> |ike| 70.212.132.60:2585-> udp_encap_handle_message ver:2 serverInst:0 pktsize:96
<DBUG> |ike| 70.212.132.60:2585-> IKE_EXAMPLE_IKE_msgRecv: ip:46d4843c port:2585 server:0 len:96 numSkts:4
<DBUG> |ike| 70.212.132.60:2585->
<DBUG> |ike| 70.212.132.60:2585-> #RECV 96 bytes from 70.212.132.60(2585) at 10.10.1.1 (141463.397)
<DBUG> |ike| 70.212.132.60:2585-> spi={a5532491ad71f9ce a79bb49f91ea615a} np=E{AUTH}
<DBUG> |ike| 70.212.132.60:2585-> exchange=IKE_AUTH msgid=6 len=92
<DBUG> |ike| 70.212.132.60:2585-> IKE2_xchgIn
<DBUG> |ike| 70.212.132.60:2585-> IKE2_newXchg oExchange:35 bReq:0 dwMsgId:6
<DBUG> |ike| 70.212.132.60:2585-> IKE2_newXchg before delXchg
<DBUG> |ike| 70.212.132.60:2585-> authR_in
<DBUG> |ike| 70.212.132.60:2585-> --> R AUTH_i aa 69 73 af 3e 89 cf 02 44 87 48 c2 98 3a 5b 34 8a 62 22 c7
<DBUG> |ike| 70.212.132.60:2585-> x 46 6c 4d ee 6a 55 e1 90 a9 71 e6 1d fc 56 e8 36 fd 62 81 6c
<DBUG> |ike| 70.212.132.60:2585-> ike2_state.c (6968): errorCode = ERR_IKE_BAD_HASH
<DBUG> |ike| 70.212.132.60:2585-> OutCp entered
<DBUG> |ike| 70.212.132.60:2585-> <-- R Notify: AUTHENTICATION_FAILED (IKE)#SEND 80 bytes to 70.212.132.60(2585) (141463.398)
<DBUG> |ike| 70.212.132.60:2585-> cleanup_and_free_context delete ctx memory
<DBUG> |ike| 70.212.132.60:2585-> udp_encap_handle_message IKEv2 pkt status:-8910

 

I see the controller talking the the RADIUS , the username and passwd are correct , the servers certs for RADIUS and Aruba are both issued by the same CA .

 

Has anyone seen that kind of the problem before ?

Any help will be greatly appreciated.

 

Regards,

 

Kris

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: