Wireless Access

Reply
Regular Contributor I

Rap 5 RC_ERROR_IKE_SA_ERROR

I had a site with RAP's deployed and working.

 

I upgraded the site to 6.1.3.1 software and now all the RAP's are down. I defaulted one of them and went to set it back up from the remote site and it is showing giving error  RC_ERROR_IKE_SA_ERROR

 

Any ideas?

Guru Elite

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

What did you upgrade from?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

I'm kicking myself now for not looking...... I want to say it was on a 6.0.X.X but not sure exactly which now because i've tried loading other software in it's place and wrote over it.

Guru Elite

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

Okay.

 

First, we need the exact error that you are seeing.

 

Type "show datapath session table | include 4500" to see if there is any inbounds traffic"

 

On the controller type "show crypto isakmp sa" to see if any APs have connected successfully.

 

If not, report back...

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

I took one of the RAP's and connected it locally to the controller and it came up. I reprovisioned it after it upgraded and it connected. I then took it to the remote site and connected it and this is what i"m getting.

 

(Aruba3200-US) #show datapath session | include 4500

50.77.192.165   50.77.251.66    17   4500  1024   0/0     0 0   1   1/0         cc   F

50.77.251.66    50.77.192.165   17   1024  4500   0/0     0 0   0   1/0         cc   FC

 

(Aruba3200-US) #show crypto ipsec sa

% No active IPSEC SA

 

 

(Aruba3200-US) #show  crypto isakmp sa

ISAKMP SA Active Session Information

------------------------------------

Initiator IP     Responder IP   Flags       Start Time      Private IP

------------     ------------   -----     ---------------   ----------

50.77.251.66     50.77.192.165  r-v2-R    May 29 09:58:41     -

 

Flags: i = Initiator; r = Responder        m = Main Mode; a = Agressive Mode v2 = IKEv2        p = Pre-shared key; c = Certificate/RSA Signature; e =  ECDSA Signature        x = XAuth Enabled; y = Mode-Config Enabled; E = EAP Enabled        3 = 3rd party AP; C = Campus AP; R = RAP        V = VIA; S = VIA over TCP

Total ISAKMP SAs: 1

 

 

 

 

Regular Contributor I

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

When I connect it locally it shows it connecting via Certificate/RSA and makes a IPSEC connection

 

There is no firewall between them. Controller and RAP are both on cable modem connections.

 

 

(Aruba3200-US) #show  crypto isakmp sa

ISAKMP SA Active Session Information

 ------------------------------------

 Initiator IP     Responder IP   Flags       Start Time      Private IP

 ------------     ------------   -----     ---------------   ----------

10.0.251.253     50.77.192.165  r-v2-c-R  May 29 10:52:35   172.16.19.4

 

Flags: i = Initiator; r = Responder        m = Main Mode; a = Agressive Mode v2 = IKEv2        p = Pre-shared key; c = Certificate/RSA Signature; e =  ECDSA Signature        x = XAuth Enabled; y = Mode-Config Enabled; E = EAP Enabled        3 = 3rd party AP; C = Campus AP; R = RAP        V = VIA; S = VIA over TCP

Total ISAKMP SAs: 1

Guru Elite

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

So the only thing that changed was the version of controller code?  Do the RAPs go through a firewall?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Rap 5 RC_ERROR_IKE_SA_ERROR

Sorry for the late response on this. Have been really busy lately.

 

Turns out that the cable modem that the rap was connected to needed to be reset. It was passing http traffic but nothing else which is why the RAP would never come up.

 

Not sure why doing a controller upgrade to the RAP through the modem would have done that but a reboot on the internet cable modem fixed it.

 

Thanks !!!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: