Hello all,
This problem has been troubling us for a while. After many changes to the switch and router configuration without success, I am posting the problem here to see if anyone has any advice, not just on Aruba RAP but on networking in general: how can we troubleshoot this problem (or if it is the problem)?
Controller 3600, 6.1.3.2, and later upgraded to 6.1.3.5; both AOS versions showed the same issue. Unlike others, the controller for IPsec VPN is located in the DMZ; our controller is located behind the FW.
APs involved: two RAP-5WNs at two locations, two separate ISPs. They both act at the same time.
Problem: randomly, our network is flooded with “UDP IPsec Nat-traversal (4500)”. These packets originate from the inside port of the controller and flood out to all switchports that are in the same broadcast domain. These are large packets, up to 100 Mbps, and can last from minutes to hours.
A Wireshark capture shows all the traffic going from this controller, 172.18.254.96, to the two ISPs where the RAP5s were installed. I am talking about 100s of MB of repeated data that looks like this, flooding at every switchport:
1916 0.164238 172.18.254.96 67.55.236.105 ESP 178 ESP (SPI=0xe49e0f00)
1917 0.164254 172.18.254.96 67.55.236.105 ESP 178 ESP (SPI=0xe49e0f00)
1918 0.164305 172.18.254.96 108.244.151.186 ESP 178 ESP (SPI=0xe77ed500)
1919 0.164321 172.18.254.96 108.244.151.186 ESP 178 ESP (SPI=0xe77ed500)
Any advice is much appreciated!
Best regards!
Peter Trinh Nguyen