Wireless Access

Reply
Contributor II
Posts: 100
Registered: ‎10-04-2012

problems terminating Instant IPSEC tunnels on a 7210 controller

Hello Airheads,

anyone have problems with Instant IPSEC tunnels terminating on 7210 controllers?

 

 

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Hi friend,

 

What is the issue ? I can help you on fixing the issue.

 

Please feel free to share the issue.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

hello Venu,

 

we have Aruba Instant clusters in the field terminating VPN tunnels onto a 7210 controller

we have set everything up e.g. VPN pool on the controller and peer gateway but we are getting this message in the logs when the tunnel doesn't form

 

Jan 22 08:59:32 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 08:59:32 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 09:00:15 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 09:00:15 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:23 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a7ca4, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:24:23 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

Jan 22 10:24:44 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:24:44 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a5d6c, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:24:44 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

Jan 22 10:25:05 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:25:05 isakmpd[3352]: <103061> <ERRS> |ike|   Unable to get get IP Address from pool

Jan 22 10:25:05 isakmpd[3352]: <103063> <DBUG> |ike|   *** ipc_auth_recv_packet user=24:de:c6:c6:51:0a, pass=******, result=0   ctx:7a53bc, ctx-innerip:0.0.0.0 l2tp_pool:VPN-pool

Jan 22 10:25:05 isakmpd[3352]: <103063> <DBUG> |ike|   get_ikev2_internal_ip pool VPN-pool

 

ani ideas?

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Do you have a vpn pool defined on the controller? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

 

yes Tim we do

 

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Hi

 

Check whether the pool is exhausted ?

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 100
Registered: ‎10-04-2012

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

 

the pool has plenty of addresses spare

Pete

 

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Hi,

 

The output is clearly saying it is issue with VPN pool. you have to work around the pool.

 

If no other IPSec is terminated on the same controller, reset the Pool.

 

Please feel free for any further query on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Please check the L2TP pool by running:

 

show vpdn l2tp local pool

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: problems terminating Instant IPSEC tunnels on a 7210 controller

Make sure your pool on that controller is named VPN-pool (case sensitive); as that is what the IAP seems to be looking for in your setup.    Did you specify the pool that is used for the default-vpn-role by chance?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: