12-04-2012 09:16 AM
We're having some issues with native IPSEC VPN clients (booth in Windows and Mac OS X) connecting to our Aruba 3200-controller. The clients are authenticating with certificates (IKE RSA AuthN). The same user certificates works great with wifi and while using the VIA-client. There seems to be some issues with IKE fragmentation according to the log files:
message_fragment_check Dropping IKE fragment because IKE fragmentation is not supported
Can anyone tell for sure if Aruba OS supports any form of IKE fragmentation? Or does someone has experience with equal setup and got it working?
12-28-2012 01:46 AM
The reason for the message of IKE fragment not supported looks like, that the MAC OS client is not sending the Fragmentation vendor ID in the IKE fragments. Hence the packets are dropped.
You can find additional information about IKE fragmentation on
http://www.ietf.org/rfc/rfc2408.txt (Section 3.16)
Abilash (ACCP, CWSP, CWAP, CWDP)
(Above answer is based on my knowledge and NOT an official statement from Aruba)
[Hit Kudos if my reply helps. ]