how can i troubleshoot this issue and find the root cause
Wrong passwords between MC and MM
OR MM and MM
In your Mobility Master (MM) there will be a line(s) in the configuration for each of the Mobility Controllers (MCs):
localip <controller-ip> ipsec ******
To find it easier and to de-encrypt the ipsec PSK try this:
show configuration effective | include localip
Try setting this PSK to what you configured during the full-setup phase of the controller.
For the MM redundancy (MM to MM) the ipsec key is configured under 'master-redundancy'. Look for the following:
peer-ip-address <MM-peer> ipsec <ipsec-key>
This needs to be the same at both MMs.
Remember to 'encrypt enable' when you're done.
how can i check the error by the debug ???
As it's IPsec auth failure you would be looking for IKE failure in the ipsec related debug logs. One of these will do the trick:
logging security process crypto level debugging
logging security subcat ike level debugging
logging security process authmgr level debugging
Maybe something like this: <6280> <DBUG> |ike| 10.10.10.99:500-> I <-- Notify: AUTHENTICATION_FAILED (IKE)
Remember to turn off debug level logging after you're finished.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.