Wireless Access

Reply
Contributor I

Virtual Mobility Controller and IAP-VPN

Hi,

 

I try the VMC (Virtual Mobility Controller) 8.0.1 with IAP-VPN but don't work...

 

i get the following error on security log :

isakmpd[5126]: <103061> <5126> <ERRS> |ike|   IKE_CUSTOM_useCert: can't find Server-Cert

 

Any idea ?

Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

This must be something to do with the fact that the x86 VMC doesn't have a TPM / factory cert.

 

I'm getting exactly the same behaviour when trying to convert an IAP-207 to a RAP:

 

From Controller:

Apr 25 15:08:58 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert
Apr 25 15:10:02 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert
Apr 25 15:11:05 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert

 

2017-04-25 03:09:32 ConnectTo: <public IP>
2017-04-25 03:09:32 SEND: cf1a3837ac4d970a : 0000000000000000 , np=33, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 RECV: cf1a3837ac4d970a : 0000000000000000 , np=41, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 SEND: cf1a3837ac4d970a : 0000000000000000 , np=41, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 RECV: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=33, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:37 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:43 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:48 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:53IKE FAILED err: RC_ERROR_IKEP2_PKT1

 

 

Regular Contributor II

Re: Virtual Mobility Controller and IAP-VPN


Chris_Denham wrote:

This must be something to do with the fact that the x86 VMC doesn't have a TPM / factory cert.



Yes...

 

No news/idea ?

ACMP 6.4 / ACMX #107 / ACCP 6.5
Occasional Contributor I

Re: Virtual Mobility Controller and IAP-VPN

Anything new on this VPN issue with Virtual Controller to solve?

 

Att,

apaiva

Regular Contributor II

Re: Virtual Mobility Controller and IAP-VPN


apaiva@arpsist.com.br wrote:

Anything new on this VPN issue with Virtual Controller to solve?

 

Att,

apaiva


Get a feedback of TAC, need to try with custom certificate...

ACMP 6.4 / ACMX #107 / ACCP 6.5
New Contributor

Re: Virtual Mobility Controller and IAP-VPN

Hello,

 

It seems that IAP VPN is only supported on hardware controllers.

 

http://www.arubanetworks.com/techdocs/ArubaOS_801_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/IAP VPN Support/IAP_VPN_Support.htm%3FTocPath%3DArubaOS%2520User%2520Guide%7CInstant%2520AP%2520VPN%2520Support%7C_____0

 

 
IAP VPN is supported only on hardware mobility controllers (7000 Series and 7200 Series) including controllers that are stand-alone or managed by Mobility Master. However, IAP VPN termination is not currently supported on virtual mobility controllers. Masters (Mobility Master and Master Controller Mode) do not support any AP termination including campus APs, remote APs and IAP VPN tunnels.

Regular Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Yes, it is only supported on hardware controller...

 

but you can use GRE Tunnel !

ACMP 6.4 / ACMX #107 / ACCP 6.5
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: