Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Failed to establish secure connection: Code -8949

This thread has been viewed 43 times

  • 1.  Failed to establish secure connection: Code -8949

    Posted Nov 30, 2020 11:17 AM

    Hi All,

    in this April I setup VIA with Aruba Central (AC) Version 2.5.1 and Firmware 8.4.0.0-1.0.6.4_74274 (Aruba 7024 as VPNC).
    Since a few days I try to reproduce this with  AC 2.5.2 and FW 8.5.0.0-2.0.0.6_76205 (Aruba 7010 as VPNC)

    I copied the orignal Config GROUP "VPNC-01" to "VPNC-02" and I double check the configuration (Diff against the running  config and completly check on AC GUI). 

    I still get the Error "Failed to establish secure connection: Code -8949" on client side.

    Any Ideas what I could check ? 
    Any Ideas how to debug this? Cause normal logging stays quite.

    Is there a good background documentation about VIA? -> I not need the kind of Aruba Central Documentation -> I need to have a deeper understanding about how things work together. 

    with kind regards

    Markus



    ------------------------------
    Markus Werner
    ------------------------------


  • 2.  RE: Failed to establish secure connection: Code -8949

    EMPLOYEE
    Posted Dec 02, 2020 12:55 AM
    Hi Markus,

    Can you provide more details about your setup. Do you use IKEv1 or IKEv2. How do you authenticate? 
    If certificates play a role you need to create new certificates on the second VPNC as well. Maybe your clients do not trust the new VPNC. But we need more details to dig deeper int this issue.

    ------------------------------
    Florian Baaske
    ------------------------------

    Original Message


  • 3.  RE: Failed to establish secure connection: Code -8949

    Posted Dec 15, 2020 10:49 AM

    Hi Florian,

    sorry for late responds but I had an urgent private issue  exactly 14 days ago.  Then I had much work and today I have a bit time. 
    After I posted here I already found the issue. 
    The Certificate was not Cloned to the new devices and so the Controller had the configuration but not the certificates. Aruba Central was not able to apply configuration to devices, because the cli command to change the config failed due to missing certificate (Deadlock situation). 
    I ask our Project Consultant to get in touch with Aruba to fix the error, but didn't received a feedback till now.

    Anyway we made an firmware upgrade on Sunday on all of our devices to enable SD-WAN-Mesh and since it went so smooth we tried VIA again and everything works fine now. 

    Markus




    ------------------------------
    Markus Werner
    ------------------------------

    Original Message


  • 4.  RE: Failed to establish secure connection: Code -8949

    Posted Dec 03, 2020 01:27 AM
    Hi Markus!

    Please check VIA logs; gearbox icon => tab Logs. It will provide you a zip file from where you might find more insights about the issue.

    ------------------------------
    gone fishing.
    ------------------------------

    Original Message


  • 5.  RE: Failed to establish secure connection: Code -8949

    Posted Dec 15, 2020 10:54 AM
    Hi,

    thanks for your feedback. Sorry for late responds, See my answer to Florian.

    I had the VIA logs downloaded but they weren't so helpfull, the same applies to log entries on the device and on Aruba Central. 
    I found in Config Audit the mismatch but weren't able to fix the problem. I even tried disaster recovery mode. It is a shame that there is now "Applied the cli command with force", I would have resolved the deadlock.

    Markus

    ------------------------------
    Markus Werner
    ------------------------------

    Original Message