Wireless Access

Reply
MVP
Posts: 1,404
Registered: ‎05-28-2008

RAP155 convert faild | log output: IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ikeVer

Hi aireads,

Im encouter strange issues when trying to convert RAP-155 unit to work as a RAP (from IAP mode) , here is the output: (From the IAP log after the failed convert process)

This is the only error that repating itself:

IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ikeVer

---------------------------------------------------------------------------------------------------------------

 

Target : 00:0b:86:9d:a7:38


show vpn status


profile name:default
--------------------------------------------------
current using tunnel                            :unselected tunnel
ipsec is preempt status                         :disable
ipsec is fast failover status                   :disable
ipsec hold on period                            :600
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6

ipsec     primary tunnel crypto type            :Cert
ipsec     primary tunnel peer address           :***.***.***.***
ipsec     primary tunnel peer tunnel ip         :0.0.0.0
ipsec     primary tunnel ap tunnel ip           :0.0.0.0
ipsec     primary tunnel current sm status      :Retrying
ipsec     primary tunnel tunnel status          :Down
ipsec     primary tunnel tunnel retry times     :3
ipsec     primary tunnel tunnel uptime          :0

ipsec      backup tunnel crypto type            :Cert
ipsec      backup tunnel peer address           :N/A
ipsec      backup tunnel peer tunnel ip         :N/A
ipsec      backup tunnel ap tunnel ip           :N/A
ipsec      backup tunnel current sm status      :Init
ipsec      backup tunnel tunnel status          :Down
ipsec      backup tunnel tunnel retry times     :0
ipsec      backup tunnel tunnel uptime          :0
end of show vpn status
========================================================

show upgrade info

Image Upgrade Progress
----------------------
Mac                IP Address  AP Class  Status    Image Info  Error Detail
---                ----------  --------  ------    ----------  ------------
00:0b:86:9d:a7:38  10.0.0.1    Aries     image-ok  image file  none
Auto reboot           :enable
Use external URL      :enable
end of show upgrade info
========================================================

show log upgrade
----------Download log start----------
download log not available
----------Download log end------------
Download status: incomplete
----------Upgrade log start----------
upgrade log not available
----------Upgrade log end------------
Upgrade status: upgrade status not available
end of show log upgrade
========================================================

show log rapper
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
Dec 24, 13:42:27: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:42:27: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:42:27: main(): Entered, getpid()=3913
Dec 24, 13:42:27: get_ike_version: Use IKE Version 2

Dec 24, 13:42:27: papi_init papifd:8  ack:14

IKE_EXAMPLE: Starting up IKE server
setup_tunnel
Dec 24, 13:42:27: IKE_init: ethmacstr = 00:0B:86:9D:A7:38

Initialized Timers
IKE_init: completed after (0.0)(pid:3913)  time:2015-12-24 13:42:27
 seconds.
Dec 24, 13:42:27: RAP using default certificates

Dec 24, 13:42:27: Before getting Certs
Dec 24, 13:42:27: TPM enabled
Dec 24, 13:42:27: get_usb_type: Unable to open /tmp/usb_type
Dec 24, 13:42:27: get_usb_csr: Unable to open /tmp/usb_csr
Dec 24, 13:42:27: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0
Dec 24, 13:42:27: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:42:27: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:42:27: DER Device Cert file len:1767
Dec 24, 13:42:27: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der
Dec 24, 13:42:27: Reading DER Intermediate Cert file
Dec 24, 13:42:27: DER Intermediate Cert file len:1456
Dec 24, 13:42:27: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der
Dec 24, 13:42:27: Reading DER Intermediate Cert file
Dec 24, 13:42:27: DER Intermediate Cert file len:1580
Dec 24, 13:42:27: Decode PEM Key length :0
Dec 24, 13:42:27: testHostKeys : status 0

Dec 24, 13:42:27: testHostKeys : free temp Certificate status 0

Dec 24, 13:42:27: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767
Dec 24, 13:42:27: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der
Dec 24, 13:42:27: Reading DER CA Cert file
Dec 24, 13:42:27: DER CA Cert file len:1416
Dec 24, 13:42:27: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der
Dec 24, 13:42:27: Reading DER CA Cert file
Dec 24, 13:42:27: DER CA Cert file len:1009
Dec 24, 13:42:27: Got 2 Trusted Certs
Dec 24, 13:42:27: After getFieldTrustedCerts ret:-1
Dec 24, 13:42:27: Got 0 Field Trusted Certs
Dec 24, 13:42:27: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der
Dec 24, 13:42:27: Reading DER CA Cert file
Dec 24, 13:42:27: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It
Dec 24, 13:42:27: CA Cert status : 0

Before IKE_initServer
Dec 24, 13:42:27: IKE_initServer: Cert length 1767
IKE_initServer: Host Certificate is set (RSA-SIG)
  {CN=CC0010126::00:0b:86:9d:a7:38}
Dec 24, 13:42:27: IKE_EXAMPLE_addServer port:0 natt:0

Dec 24, 13:42:27: srcdev_name = br0 ip a000001
Dec 24, 13:42:27: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0
IKE_EXAMPLE: Socket created on 10.0.0.1[0]
Dec 24, 13:42:27: IKE_EXAMPLE_addServer:1333 socket descriptor  is 0 port number 50696 for server instance 0 at 0th index
Dec 24, 13:42:27: srcdev_name = br0 ip a000001
Dec 24, 13:42:27: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1
IKE_EXAMPLE: Socket created on 10.0.0.1[50697]
Dec 24, 13:42:27: IKE_EXAMPLE_addServer:1380 socket descriptor  is 1 port number 50697 for server instance 0 at 1st index
Dec 24, 13:42:27: IKE_EXAMPLE_addDefaultServers status:0

 (0.0)(pid:3913)  time:2015-12-24 13:42:27
 SA_INIT dest=193.43.247.77
Dec 24, 13:42:27:  Initialize IKE SA
Dec 24, 13:42:27: IKE_CUSTOM_getVersion(peerAddr:c12bf74d): ikeVersion:2
Timer ID: 1 Initialized
Dec 24, 13:42:27: IKE2_newSa(peerAddr:c12bf74d): IKE_SA-lifetime:28000
  I -->
Dec 24, 13:42:27: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c12bf74d): Entered
     ENCR_AES 256-BITS
     PRF_HMAC_SHA1
     AUTH_HMAC_SHA1_96
     DH_2
   NAT_D (us): 8e 08 f5 10 8d 4a f1 a2 6f 2c 9f 8e d0 e4 7d 1c
15 b4 1f 4b
   NAT_D (peer): b6 f6 ed b4 6d 4d 6f 48 9b 69 46 9b 9d 42 07 cf
84 79 4c 51
Dec 24, 13:42:27: RAPPER_ERROR_FILE doesn't exist

Dec 24, 13:42:27: RAPPER_ERROR_FILE doesn't exist

Dec 24, 13:42:27: RAPPER_ERROR_FILE doesn't exist

Dec 24, 13:42:27: RAPPER_ERROR_FILE doesn't exist

Dec 24, 13:42:27: RAPPER_ERROR_FILE doesn't exist

 spi={7a3a018bb0a6a390 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (0.0)(pid:3913)  time:2015-12-24 13:42:27

Dec 24, 13:42:27: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 50697

IKE_EXAMPLE: IKE_keyConnect() started, id = 0xDec 24, 13:42:27: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0
c6d5641d...
Dec 24, 13:42:27: papi:15200
 spi={7a3a018bb0a6a390 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (5.0)(pid:3913)  time:2015-12-24 13:42:33

 spi={7a3a018bb0a6a390 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (11.0)(pid:3913)  time:2015-12-24 13:42:38

 spi={7a3a018bb0a6a390 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (16.0)(pid:3913)  time:2015-12-24 13:42:43

Dec 24, 13:42:48: IKE_checkExpSa rekey notfinished timeout 21000 sec
Dec 24, 13:42:48: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:c12bf74d index:0 mPeerType:0
Dec 24, 13:42:48: IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ikeVer 2
Dec 24, 13:42:48: send_sapd_error: InnerIP:0  error:43 debug_error:-8949

Dec 24, 13:42:48: send_sapd_error: error:43 debug_error:-8949

Dec 24, 13:42:48: rapper_log_error: buf = 7a 3a 01 8b b0 a6 a3 90 2b


Dec 24, 13:42:48: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c12bf74d index:0 mPeerType:0
Dec 24, 13:42:48: IKE_SA [v2 I] (id=0xc6d5641d) flags 0x41000005 failed reason = ERR_IKE_TIMEOUT, errorcode = -8949
Dec 24, 13:42:48: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2
Timer ID: 1 Deleted
rapperSendStatusCB
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
Dec 24, 13:42:58: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:42:58: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:42:58: main(): Entered, getpid()=4062
Dec 24, 13:42:58: get_ike_version: Use IKE Version 2

Dec 24, 13:42:58: papi_init papifd:8  ack:14

IKE_EXAMPLE: Starting up IKE server
setup_tunnel
Dec 24, 13:42:58: IKE_init: ethmacstr = 00:0B:86:9D:A7:38

Initialized Timers
IKE_init: completed after (0.0)(pid:4062)  time:2015-12-24 13:42:58
 seconds.
Dec 24, 13:42:58: RAP using default certificates

Dec 24, 13:42:58: Before getting Certs
Dec 24, 13:42:58: TPM enabled
Dec 24, 13:42:58: get_usb_type: Unable to open /tmp/usb_type
Dec 24, 13:42:58: get_usb_csr: Unable to open /tmp/usb_csr
Dec 24, 13:42:58: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0
Dec 24, 13:42:58: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:42:58: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:42:58: DER Device Cert file len:1767
Dec 24, 13:42:58: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der
Dec 24, 13:42:58: Reading DER Intermediate Cert file
Dec 24, 13:42:58: DER Intermediate Cert file len:1456
Dec 24, 13:42:58: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der
Dec 24, 13:42:58: Reading DER Intermediate Cert file
Dec 24, 13:42:58: DER Intermediate Cert file len:1580
Dec 24, 13:42:58: Decode PEM Key length :0
Dec 24, 13:42:58: testHostKeys : status 0

Dec 24, 13:42:58: testHostKeys : free temp Certificate status 0

Dec 24, 13:42:58: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767
Dec 24, 13:42:58: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der
Dec 24, 13:42:58: Reading DER CA Cert file
Dec 24, 13:42:58: DER CA Cert file len:1416
Dec 24, 13:42:58: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der
Dec 24, 13:42:58: Reading DER CA Cert file
Dec 24, 13:42:58: DER CA Cert file len:1009
Dec 24, 13:42:58: Got 2 Trusted Certs
Dec 24, 13:42:58: After getFieldTrustedCerts ret:-1
Dec 24, 13:42:58: Got 0 Field Trusted Certs
Dec 24, 13:42:58: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der
Dec 24, 13:42:58: Reading DER CA Cert file
Dec 24, 13:42:58: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It
Dec 24, 13:42:58: CA Cert status : 0

Before IKE_initServer
Dec 24, 13:42:58: IKE_initServer: Cert length 1767
IKE_initServer: Host Certificate is set (RSA-SIG)
  {CN=CC0010126::00:0b:86:9d:a7:38}
Dec 24, 13:42:58: IKE_EXAMPLE_addServer port:0 natt:0

Dec 24, 13:42:58: srcdev_name = br0 ip a000001
Dec 24, 13:42:58: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0
IKE_EXAMPLE: Socket created on 10.0.0.1[50698]
Dec 24, 13:42:58: IKE_EXAMPLE_addServer:1333 socket descriptor  is 0 port number 50698 for server instance 0 at 0th index
Dec 24, 13:42:58: srcdev_name = br0 ip a000001
Dec 24, 13:42:58: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1
IKE_EXAMPLE: Socket created on 10.0.0.1[50699]
Dec 24, 13:42:58: IKE_EXAMPLE_addServer:1380 socket descriptor  is 1 port number 50699 for server instance 0 at 1st index
Dec 24, 13:42:58: IKE_EXAMPLE_addDefaultServers status:0

 (0.0)(pid:4062)  time:2015-12-24 13:42:58
 SA_INIT dest=193.43.247.77
Dec 24, 13:42:58:  Initialize IKE SA
Dec 24, 13:42:58: IKE_CUSTOM_getVersion(peerAddr:c12bf74d): ikeVersion:2
Timer ID: 1 Initialized
Dec 24, 13:42:58: IKE2_newSa(peerAddr:c12bf74d): IKE_SA-lifetime:28000
  I -->
Dec 24, 13:42:58: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c12bf74d): Entered
     ENCR_AES 256-BITS
     PRF_HMAC_SHA1
     AUTH_HMAC_SHA1_96
     DH_2
   NAT_D (us): 56 4c b3 4c de 21 0c 7c 6d d6 24 3b 5f c1 6d 98
ee bc 88 7b
   NAT_D (peer): 68 36 ea 71 25 9f d0 6a d8 79 3e 6d 75 42 8b 49
74 8f f4 4e
Dec 24, 13:42:58: RAPPER_ERROR_FILE exists

Dec 24, 13:42:58: AP err cookie retval 9 cookie:7a3a018bb0a6a390 err 2b

Dec 24, 13:42:58: RAPPER_ERROR_FILE exists

Dec 24, 13:42:58: AP err cookie retval 9 cookie:7a3a018bb0a6a390 err 2b

Dec 24, 13:42:58: RAPPER_ERROR_FILE exists

Dec 24, 13:42:58: AP err cookie retval 9 cookie:7a3a018bb0a6a390 err 2b

Dec 24, 13:42:58: RAPPER_ERROR_FILE exists

Dec 24, 13:42:58: AP err cookie retval 9 cookie:7a3a018bb0a6a390 err 2b

Dec 24, 13:42:58: RAPPER_ERROR_FILE exists

Dec 24, 13:42:58: AP err cookie retval 9 cookie:7a3a018bb0a6a390 err 2b

 spi={377b329e03f9dafe 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (0.0)(pid:4062)  time:2015-12-24 13:42:58

Dec 24, 13:42:58: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 50699

IKE_EXAMPLE: IKE_keyConnect() started, id = 0xDec 24, 13:42:58: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0
c6b63137...
Dec 24, 13:42:58: papi:15200
 spi={377b329e03f9dafe 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (5.0)(pid:4062)  time:2015-12-24 13:43:03

 spi={377b329e03f9dafe 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (10.0)(pid:4062)  time:2015-12-24 13:43:09

 spi={377b329e03f9dafe 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (15.0)(pid:4062)  time:2015-12-24 13:43:14

Dec 24, 13:43:19: IKE_checkExpSa rekey notfinished timeout 21000 sec
Dec 24, 13:43:19: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:c12bf74d index:0 mPeerType:0
Dec 24, 13:43:19: IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ikeVer 2
Dec 24, 13:43:19: send_sapd_error: InnerIP:0  error:43 debug_error:-8949

Dec 24, 13:43:19: send_sapd_error: error:43 debug_error:-8949

Dec 24, 13:43:19: rapper_log_error: buf = 37 7b 32 9e 03 f9 da fe 2b


Dec 24, 13:43:19: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c12bf74d index:0 mPeerType:0
Dec 24, 13:43:19: IKE_SA [v2 I] (id=0xc6b63137) flags 0x41000005 failed reason = ERR_IKE_TIMEOUT, errorcode = -8949
Dec 24, 13:43:19: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2
Timer ID: 1 Deleted
rapperSendStatusCB
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify!
Dec 24, 13:43:29: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:43:29: main: ethmacstr = 00:0B:86:9D:A7:38

Dec 24, 13:43:29: main(): Entered, getpid()=4267
Dec 24, 13:43:29: get_ike_version: Use IKE Version 2

Dec 24, 13:43:29: papi_init papifd:8  ack:14

IKE_EXAMPLE: Starting up IKE server
setup_tunnel
Dec 24, 13:43:29: IKE_init: ethmacstr = 00:0B:86:9D:A7:38

Initialized Timers
IKE_init: completed after (0.0)(pid:4267)  time:2015-12-24 13:43:29
 seconds.
Dec 24, 13:43:29: RAP using default certificates

Dec 24, 13:43:29: Before getting Certs
Dec 24, 13:43:29: TPM enabled
Dec 24, 13:43:29: get_usb_type: Unable to open /tmp/usb_type
Dec 24, 13:43:29: get_usb_csr: Unable to open /tmp/usb_csr
Dec 24, 13:43:29: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0
Dec 24, 13:43:29: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:43:29: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der
Dec 24, 13:43:29: DER Device Cert file len:1767
Dec 24, 13:43:29: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der
Dec 24, 13:43:29: Reading DER Intermediate Cert file
Dec 24, 13:43:29: DER Intermediate Cert file len:1456
Dec 24, 13:43:29: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der
Dec 24, 13:43:29: Reading DER Intermediate Cert file
Dec 24, 13:43:29: DER Intermediate Cert file len:1580
Dec 24, 13:43:29: Decode PEM Key length :0
Dec 24, 13:43:29: testHostKeys : status 0

Dec 24, 13:43:29: testHostKeys : free temp Certificate status 0

Dec 24, 13:43:29: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767
Dec 24, 13:43:29: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der
Dec 24, 13:43:29: Reading DER CA Cert file
Dec 24, 13:43:29: DER CA Cert file len:1416
Dec 24, 13:43:29: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der
Dec 24, 13:43:29: Reading DER CA Cert file
Dec 24, 13:43:29: DER CA Cert file len:1009
Dec 24, 13:43:29: Got 2 Trusted Certs
Dec 24, 13:43:29: After getFieldTrustedCerts ret:-1
Dec 24, 13:43:29: Got 0 Field Trusted Certs
Dec 24, 13:43:29: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der
Dec 24, 13:43:29: Reading DER CA Cert file
Dec 24, 13:43:29: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It
Dec 24, 13:43:29: CA Cert status : 0

Before IKE_initServer
Dec 24, 13:43:29: IKE_initServer: Cert length 1767
IKE_initServer: Host Certificate is set (RSA-SIG)
  {CN=CC0010126::00:0b:86:9d:a7:38}
Dec 24, 13:43:29: IKE_EXAMPLE_addServer port:0 natt:0

Dec 24, 13:43:29: srcdev_name = br0 ip a000001
Dec 24, 13:43:29: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0
IKE_EXAMPLE: Socket created on 10.0.0.1[50700]
Dec 24, 13:43:29: IKE_EXAMPLE_addServer:1333 socket descriptor  is 0 port number 50700 for server instance 0 at 0th index
Dec 24, 13:43:29: srcdev_name = br0 ip a000001
Dec 24, 13:43:29: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1
IKE_EXAMPLE: Socket created on 10.0.0.1[50701]
Dec 24, 13:43:29: IKE_EXAMPLE_addServer:1380 socket descriptor  is 1 port number 50701 for server instance 0 at 1st index
Dec 24, 13:43:29: IKE_EXAMPLE_addDefaultServers status:0

 (0.0)(pid:4267)  time:2015-12-24 13:43:29
 SA_INIT dest=193.43.247.77
Dec 24, 13:43:29:  Initialize IKE SA
Dec 24, 13:43:29: IKE_CUSTOM_getVersion(peerAddr:c12bf74d): ikeVersion:2
Timer ID: 1 Initialized
Dec 24, 13:43:29: IKE2_newSa(peerAddr:c12bf74d): IKE_SA-lifetime:28000
  I -->
Dec 24, 13:43:29: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c12bf74d): Entered
     ENCR_AES 256-BITS
     PRF_HMAC_SHA1
     AUTH_HMAC_SHA1_96
     DH_2
   NAT_D (us): 23 21 cb 08 60 3c c2 6f a2 bf af 49 ab ca da 5d
6e df c3 0c
   NAT_D (peer): 6b cc ee f0 fe 1d 58 0b 3d b1 dc 05 10 7c 8c 40
d0 6c 53 7e
Dec 24, 13:43:29: RAPPER_ERROR_FILE exists

Dec 24, 13:43:29: AP err cookie retval 9 cookie:377b329e03f9dafe err 2b

Dec 24, 13:43:29: RAPPER_ERROR_FILE exists

Dec 24, 13:43:29: AP err cookie retval 9 cookie:377b329e03f9dafe err 2b

Dec 24, 13:43:29: RAPPER_ERROR_FILE exists

Dec 24, 13:43:29: AP err cookie retval 9 cookie:377b329e03f9dafe err 2b

Dec 24, 13:43:29: RAPPER_ERROR_FILE exists

Dec 24, 13:43:29: AP err cookie retval 9 cookie:377b329e03f9dafe err 2b

Dec 24, 13:43:29: RAPPER_ERROR_FILE exists

Dec 24, 13:43:29: AP err cookie retval 9 cookie:377b329e03f9dafe err 2b

 spi={a509548d1be1f638 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=380
#SEND 384 bytes to 193.43.247.77[4500] (0.0)(pid:4267)  time:2015-12-24 13:43:29

Dec 24, 13:43:29: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 50701

IKE_EXAMPLE: IKE_keyConnect() started, id = 0xDec 24, 13:43:29: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0
bb7ecabd...
Dec 24, 13:43:29: papi:15200

end of show log rapper
========================================================g

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

Re: RAP155 convert faild | log output: IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ike

Enable debugging on the controller:

 

config t

logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn

 

Type "show log security 50" when you are trying to convert.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: RAP155 convert faild | log output: IKE SA failed reason = ERR_IKE_TIMEOUT, errorcode = -8949 ike

Client FW Routing issues - solved (not related to Aruba controller)
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: