Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Problem Site to Site VPN

  • 1.  Problem Site to Site VPN

    Posted Nov 23, 2017 12:44 PM

    Hi guys,

     

    I created a lab to test a Site to Site VPN connection. My lab has 2 620 controllers with the VPN module enabled.

     

    Configuration:

     

    Communication between Controller 1 and Controller 2 is ok. 

     

    Controller 1 IP: 10.18.110.100

    IPsec Map:

    Crypto Map Template"TEST-VPN" 100
    IKE Version: 1
    IKEv1 Policy: 10001
    Security association lifetime seconds : [300 -86400]
    Security association lifetime kilobytes: N/A
    PFS (Y/N): N
    Transform sets={ default-transform }
    Peer gateway: 10.10.10.5
    Interface: VLAN 110
    Source network: vlan 110
    Destination network: 192.168.30.0/255.255.255.0
    Pre-Connect (Y/N): Y
    Tunnel Trusted (Y/N): Y
    Forced NAT-T (Y/N): Y
    Uplink Failover (Y/N): N
    IP Compression (Y/N): N

     

    Controller 2 IP: 10.10.10.5

    IPsec Map:

    Crypto Map Template"TEST-VPN" 100
    IKE Version: 1
    IKEv1 Policy: 10001
    Security association lifetime seconds : [300 -86400]
    Security association lifetime kilobytes: N/A
    PFS (Y/N): N
    Transform sets={ default-transform }
    Peer gateway: 10.18.110.100
    Interface: VLAN 10
    Source network: vlan 10
    Destination network: 192.168.113.0/255.255.255.0
    Pre-Connect (Y/N): Y
    Tunnel Trusted (Y/N): Y
    Forced NAT-T (Y/N): Y
    Uplink Failover (Y/N): N
    IP Compression (Y/N): N

     

    Phase 1 is ok but Phase 2 doesn’t work:

     

    Screen Shot 2017-11-23 at 11.07.17 AM.png

     

    Logs:

     

    Screen Shot 2017-11-23 at 11.06.39 AM.png

    The above log shows problems related to IKE Phase 2. Does anyone know what might be happening?

     

    Thanks!

     



  • 2.  RE: Problem Site to Site VPN

    Posted Nov 24, 2017 10:09 AM

    What type of authentication do you have configured? It is probably good that you start with a simple example like the one here:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VPNs/Site_to_Site_VPNs.htm#vpns_1856148693_1006191 and then customize that to make your own.



  • 3.  RE: Problem Site to Site VPN

    Posted Nov 24, 2017 08:11 PM

    Hi Colin,

     

    Thanks for helping me!

    I had followed this guide to make my Site to Site VPN. I used IKEv1 with 3DES+SHA and a pre-shared key. Both controllers are configured with the Master role.

    I checked the pre-shared key password and tested on 2 other controllers. The error is the same.

     

    Thanks,

     

    Felipe.



  • 4.  RE: Problem Site to Site VPN

    Posted Nov 25, 2017 01:30 AM

    It would seem that the parameters on the map in the controllers do not match. The VPN goes through all the maps one by one looking for a match.
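
One way to run the match check suggested in the last reply, as an added example that is not part of the original thread or Aruba's tooling: it parses the two crypto map listings as posted and reports fields that do not mirror each other. The function names are hypothetical, and the VLAN subnets are assumed /24s around the controller addresses, since the thread does not state them.

```python
import ipaddress
import re

# Crypto map listings as posted in the thread, trimmed to the fields checked.
MAP_C1 = """IKE Version: 1
PFS (Y/N): N
Transform sets={ default-transform }
Peer gateway: 10.10.10.5
Source network: vlan 110
Destination network: 192.168.30.0/255.255.255.0"""
MAP_C2 = """IKE Version: 1
PFS (Y/N): N
Transform sets={ default-transform }
Peer gateway: 10.18.110.100
Source network: vlan 10
Destination network: 192.168.113.0/255.255.255.0"""
# ASSUMED VLAN subnets (not given in the thread); substitute the real ones.
VLAN_SUBNETS = {"vlan 110": "10.18.110.0/24", "vlan 10": "10.10.10.0/24"}

def parse_map(text):
    """Turn 'key: value' and 'key={ value }' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*[:=]\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def network(value, vlans):
    """Resolve a 'vlan N' reference or an addr/netmask string to a network."""
    return ipaddress.ip_network(vlans.get(value.lower(), value))

def find_mismatches(local, remote, local_ip, remote_ip, vlans):
    """List the reasons the two maps would not select each other."""
    a, b = parse_map(local), parse_map(remote)
    problems = [f"{k}: {a[k]} != {b[k]}"
                for k in ("IKE Version", "PFS (Y/N)", "Transform sets")
                if a[k] != b[k]]
    if a["Peer gateway"] != remote_ip or b["Peer gateway"] != local_ip:
        problems.append("peer gateway does not point at the other controller")
    # Phase 2 selectors should mirror: one side's source network is the
    # other side's destination network.
    for side, x, y in (("local", a, b), ("remote", b, a)):
        src = network(x["Source network"], vlans)
        dst = network(y["Destination network"], vlans)
        if src != dst:
            problems.append(f"{side} source {src} != peer destination {dst}")
    return problems

if __name__ == "__main__":
    for p in find_mismatches(MAP_C1, MAP_C2, "10.18.110.100", "10.10.10.5", VLAN_SUBNETS):
        print(p)
```
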