Wireless Access

Reply
New Contributor

RAP with IPsec down problem

Hi,

I havs several RAP with IPsec down status.

The controller process log shows a lot of messages

 

Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2685 Proposal match failed in encryption algo, configured=AES_CBC, peer using=3DES_CBC

Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown

 

 

below is my crypto configuration,

please give me a hint,

Thank you !

 

crypto isakmp policy 20

  encryption aes256

!

 

crypto isakmp key "a6ee1490ac869fadc7941630cd7d70df47673fb7cc2f8d7f" address 0.0.0.0 netmask 0.0.0.0

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac

crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac

crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac

crypto dynamic-map default-dynamicmap 10000

  set transform-set "default-transform" "default-aes" 

!

 

no crypto-local isakmp xauth

crypto isakmp eap-passthrough eap-tls

crypto isakmp eap-passthrough eap-peap

crypto isakmp eap-passthrough eap-mschapv2

 

Guru Elite

Re: RAP with IPsec down problem

The proposal match failed normally just shows the controller cycling through configured crypto maps to try to match the incoming request.  It by itself does not mean anything is wrong.  Eventually it finds the correct one and everything works.

 

With regards to your issue, has anything changed?  Have there been any outages?  You did not say if anything corresponds with your RAPs being down...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: