Wireless Access

Reply
New Contributor

Is IKE fragmentation supported in Aruba OS?

Hi!

 

We're having some issues with native IPSEC VPN clients (booth in Windows and Mac OS X) connecting to our Aruba 3200-controller.   The clients are authenticating with certificates (IKE RSA AuthN). The same user certificates works great with wifi and while using the VIA-client. There seems to be some issues with IKE fragmentation according to the log files:

 

--

message_fragment_check Dropping IKE fragment because IKE fragmentation is not supported

--

 

Can anyone tell for sure if Aruba OS supports any form of IKE fragmentation? Or does someone has experience with equal setup and got it working?

 

Thank you!

 

/Fredrik.

Aruba Employee

Re: Is IKE fragmentation supported in Aruba OS?

The reason for the message of IKE fragment not supported looks like, that the MAC OS client is not sending the Fragmentation vendor ID in the IKE fragments. Hence the packets are dropped.

 

You can find additional information about IKE fragmentation on

http://msdn.microsoft.com/en-us/library/cc233458.aspx

http://www.ietf.org/rfc/rfc2408.txt (Section 3.16)

Thanks,
Abilash (ACCP, CWSP, CWAP, CWDP)
(Above answer is based on my knowledge and NOT an official statement from Aruba)
[Hit Kudos if my reply helps. ]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: