im trying to add a local to a master, same ArubaOS is used and my basic trouble shooting seems to point so some issue i don't fully understand. i have set the roles correctly and PSK has been copy pasted from test file for being certain it matches.
(master) #show datapath session | include 4500
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
192.168.20.189 192.168.20.190 17 4500 4500 0/0 0 0 0 1/8 16d F
192.168.20.190 192.168.20.189 17 4500 4500 0/0 0 0 0 1/8 16d FC
192.168.20.189 172.16.16.254 17 4500 4500 0/0 0 0 0 1/3 b FY
172.16.16.254 192.168.20.189 17 4500 4500 0/0 0 0 1 1/3 b FC
(local) # show datapath session | include 4500
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
192.168.20.189 192.168.20.190 17 4500 4500 0/0 0 0 0 local 14e F
192.168.20.190 192.168.20.189 17 4500 4500 0/0 0 0 0 local 14e FC
log on local:
Mar 24 16:18:52 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1018 pubsub msg
Mar 24 16:18:52 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1191 cfgm msg
Mar 24 16:18:52 isakmpd[2001]: <103061> <ERRS> |ike| vlan 1 is not configured yet
Mar 24 16:18:52 isakmpd[2001]: <103061> <ERRS> |ike| vlan 1 is not configured yet
Mar 24 16:18:52 isakmpd[2001]: <103062> <INFO> |ike| Cluster IKE Initialisation: change from None->None
Mar 24 16:18:52 isakmpd[2001]: <103063> <DBUG> |ike| handleMasterRoleCfg: ip 192.168.20.189 role 3
Mar 24 16:18:52 isakmpd[2001]: <103066> <INFO> |ike| Sending Cluster role change code 1 at time 622.830000
Mar 24 16:18:52 isakmpd[2001]: <399816> <ERRS> |ike| Vlan 1 is not configured yet
Mar 24 16:18:52 isakmpd[2001]: <399816> <ERRS> |ike| Vlan 1 is not configured yet
Mar 24 16:18:53 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:insert_vlan_ip:5070 initialize the vlanid:1 entry ip:c0a814be
Mar 24 16:18:53 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1018 pubsub msg
Mar 24 16:18:53 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1070 Recvd SWITCH IP =192.168.20.190
Mar 24 16:18:53 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_register_for_switch_ip:4182 Sending REQUEST for SWITCH IP
Mar 24 16:18:53 isakmpd[2001]: <103060> <DBUG> |ike| message.c:message_drop:2707 Message drop from 192.168.20.189 port 4500 due to notification type INVALID_COOKIE
Mar 24 16:18:53 isakmpd[2001]: <103063> <DBUG> |ike| message_recv: invalid cookie(s) 0a7789ce3ac2c081 d4af019b7db8fd2d
Mar 24 16:18:53 isakmpd[2001]: <103063> <DBUG> |ike| virtual_bind_ipv4: 192.168.20.190 already bound
Mar 24 16:18:53 isakmpd[2001]: <103070> <INFO> |ike| Sending Cluster role change code 1 at time 623.520000 to subscriber 8344
Mar 24 16:18:54 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_get_cpsec_state:4226 Sending REQUEST for CPSEC STATE
Mar 24 16:18:54 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1018 pubsub msg
Mar 24 16:18:54 isakmpd[2001]: <103063> <DBUG> |ike| ipc_rcvcb : CPSEC not ready
Mar 24 16:18:54 isakmpd[2001]: <103063> <DBUG> |ike| ipc_rcvcb : Recvd msg 3 from CPSECd
Mar 24 16:18:54 isakmpd[2001]: <103070> <INFO> |ike| Sending Cluster role change code 1 at time 624.520000 to subscriber 8345
Mar 24 16:18:57 isakmpd[2001]: <103060> <DBUG> |ike| ipc.c:ipc_rcvcb:1018 pubsub msg
Mar 24 16:18:57 isakmpd[2001]: <103070> <INFO> |ike| Sending Cluster role change code 1 at time 627.420000 to subscriber 8453
Mar 24 16:19:00 isakmpd[2001]: <103063> <DBUG> |ike| ipc_rcvcb : CPSEC not ready
Mar 24 16:19:00 isakmpd[2001]: <103063> <DBUG> |ike| ipc_rcvcb : Recvd msg 3 from CPSECd
Mar 24 16:19:07 isakmpd[2001]: <103018> <INFO> |ike| IKE Phase 1 hash mismatch. Most likely because IKE pre-shared key or certificate mismatch.
Mar 24 16:19:07 isakmpd[2001]: <103051> <INFO> |ike| IKE module gets local-master configuration
Mar 24 16:19:07 isakmpd[2001]: <103054> <INFO> |ike| Dropping IKE message drop from 192.168.20.189 4500 due to notification type:INVALID_ID_INFORMATION
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| exchange.c:exchange_ike_negotiate:3057 Found policy for dest-net 192.168.20.189/255.255.255.255 with peer gw 192.168.20.189
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| exchange.c:exchange_negotiation_state_done:2647 Ipsec map default-local-master-ipsecmap is marked negotiation-done
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| exchange.c:exchange_negotiation_state_inprog:2631 Ipsec map default-local-master-ipsecmap is marked negotiation-inprogress
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| if.c:GetIPAddrByVlanId:209 vlan 0 ip 192.168.20.190
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| if.c:GetIPAddrByVlanId:209 vlan 1 ip 192.168.20.190
Mar 24 16:19:07 isakmpd[2001]: <103060> <DBUG> |ike| if.c:GetIPAddrByVlanId:209 vlan 1 ip 192.168.20.190