I'm manually setting up a 7005 branch controller in 8.5 to a 7010 VPNC. I have a tunnel between the MM and the VPNC, and tunnel between the VPNC and the branch controller. But the MM show the branch as down. I added the branch to the Controllers list and the branch has the MM IP. Any clues as to where I should look next? Thanks for any help.
Thanks for the suggestion but there is no change. The branch gets an IP from the VPNC. I see ipsec tunnels to /mm and branch from the VPNC. The branch logs show
Apr 2 09:02:01 :103103: <3316> <WARN> |ike| IKE SA Deletion: IKE2_delSa peer:<IP>:4500 id:2592555168 errcode:ERR_IKESA_EXPIRED saflags:0x41000005 arflags:0x20
There is no firewall. In the initial setup I listed the VPNC IP. The output of 'show conf effective' show the vpn-ip as the VPNC IP. Show ip route list the VPNC IP as an ipsec map management-vpnc. Show datapath session shows limited traffic between the branch and VPNC but keeps resetting. Thanks!
Yes, very similar. I'm using public IP addresses to try to keep it simple. I only have a single VPNC. Default gw is on the same subnet. The vpn-mac-1 that I have doesn't match the VPNC mac. I'm not sure where it came from -- possibly another branch controller I had been working with. Not sure how to change that line. Thanks.
Sorry, I misread the mac address above. It is the correct mac address of the VPNC controller.
I got this working with Aruba TAC's help. Needed to use Mgmt mac address for MM and backup MM when running VPNC setup script. -- Jim
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.