Wireless Access

Reply
Frequent Contributor II

Troubleshooting "No Syn" Communication Issue

I'm troubleshooting a communication issue between a wirelses client at one locatino communicating with a wired device at another location. Location A has a 620 local controller. Location B has a 620 local controller. The master is a 3200. You can ping from one local to the other with no problem. The problem is that wireless clients at location A cannot connect to a particular device at location B using port 5900. When I look at "show datapath session" on either side, I see the devices making an attempt, however the Flag shows "Y" which means No Sync.

 

Does anyone have any thoughts on why I'm seeing this? All controllers are running 6.1.3. Thanks in advance.

Network Engineer | Airhead | Titus 3:5
Guru Elite

Re: Troubleshooting "No Syn" Communication Issue

We will probably need more information like a detailed network diagram.  It is not clear what is going on.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Troubleshooting "No Syn" Communication Issue

No problem. Here is a basic diagram of the current setup. I have static routes on all devices that provide full connectivity to all other sites.

For Aruba Forum.jpg

Network Engineer | Airhead | Titus 3:5
Frequent Contributor II

Re: Troubleshooting "No Syn" Communication Issue

Also, to clarify, we aren't using site-to-site VPN, but rather just the master-local IPSEC tunnels to communicate between controllers.

Network Engineer | Airhead | Titus 3:5
Guru Elite

Re: Troubleshooting "No Syn" Communication Issue

So the master/local ipsec tunnels only establish connectivity between the two controllers specifically

 

If you want to have more clients pass traffic over those tunnels, you have to do that via "ip route x.x.x.x y.y.y.y ipsec map" on both sides to allow them to pass traffic.  In other words, write routes on each side pointing to that IPSEC map for each subnet you want to advertise reachability to.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Troubleshooting "No Syn" Communication Issue

Yes, we have the static route statements on all of the local controllers. For example, The East local controller has static routes, for all of West's local subnets, that point to the ipsec map. My main question is what would the "No Syn" flag indicate?

Network Engineer | Airhead | Titus 3:5
Aruba Employee

Re: Troubleshooting "No Syn" Communication Issue

guess "no SYN" could mean controller is not responding to the IPsec establishing request. For example, in one of my Lab test, one AP is not licensed, controller shows “No SYN” and keeps dropping IKE request

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: