Wireless Access

Reply
New Contributor

Remote AP connection via IPsec

Hello:

 

I am brand new to Aruba. I am testing some Aruba equipments right now. The AP that is local to my controller (7005) are working fine. The problem I have is with the 225AP at a remote location. Here is the basic setup

 

225 --SW--- PA(Firewall) ------IPSEC -------PA(Firewall) -------Controller 7005---DNS Server

 

From the remote network, I can ping aruba-master and resolve via nslookup. Once the AP got the DHCP address, I can ping the AP from the controller and the controller from the AP. But the AP will never assocaite with the controller. 

 

I have try to console into the AP, it will sit at the Master:    screen, then reboot. I did try to hardcode the controller IP, once I did that. The AP will show up inside the controller with the I,D Flag but I cannot do anything to it. I try to change the profile, but the AP never restart. 

 

I did a capture on both end of the firewall, some UDP aruba-papi traffic got drop. I suspect MTU between the tunnel was the problem. I drop the MTU to 1400 but no luck. 

 

I did plug the AP at the local network at first and all work fine, but once I relocate them. It stop working...

 

Have anyone run into a similar problem? Any suggestion would be appreciated. 

 

Gary 

Guru Elite

Re: Remote AP connection via IPsec

Go to configuration> wireless> ap configuration. Edit the ap-group that your access point is in. Expand Ap > System Profile. Click on Ap System Profile. If there is an LMS-IP, remove it.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Remote AP connection via IPsec

Did u deployed the AP as RAP or CAP? because as far as it's looks - GRE will not pass the two firewalls you got - I advise you to pre configure the AP as RAP (it will be based on IPSEC) and then your AP will be able to contact the controller without the ID

 

read here:

http://www.jeremygood.net/2010/04/how-to-deploy-aruba-remote-access-point_14.html

 

or read this PDF

http://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/268/1/RAP%20Installation-Updated.pdf

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
New Contributor

Re: Remote AP connection via IPsec

Sorry for the late reply. We finally fix the issues couple weeks ago. Aruba support keep having us run around during troubleshooting. At the end of the day, we figure it out the problem is dealing with MTU size, my initial MTU 1150 was not small enough. Once we drop it to 1100, it start working.

 

Thank for the suggestion. We finially can roll out the new solution.   

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: