Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ERROR ancrypto 183 Incorrect datalen

This thread has been viewed 0 times

  • 1.  ERROR ancrypto 183 Incorrect datalen

    Posted Feb 20, 2012 09:14 AM
    Hello! I'm having trouble setting up VIA in my test enviroment. The controller is running 6.1.3 and the client is a w7 x64 with VIA 2.0.1.x. So to my problem: The VIA Client is detecting when I'm on the inside of the network, but when switching to an unsecure network (in this case my wifi hotspot on my HTC Sensation) it doesnt connect. The NPS Server grants access: Network Policy Server granted access to a user. The Controller logs the message: Feb 20 14:02:11 authmgr[1528]: [124003] [INFO] |authmgr| Authentication result=Authentication Successful(0), method=VIA-WEB, server=[NPS Server], user=[External Client IP] Feb 20 14:02:11 authmgr[1528]: [124038] [INFO] |authmgr| Selected server [NPS Server] for method=VIA-WEB; user=[username], essid=[], domain=[], server-group=[NPS-server-group] Feb 20 14:02:11 authmgr[1528]: [522038] [INFO] |authmgr| username=[username] MAC=00:00:00:00:00:00 IP=[External Client IP] Authentication result=Authentication Successful method=VIA-WEB server=[NPS Server] Feb 20 14:02:11 webui[1377]: USER: [username] has logged in from [External Client IP]. This is output from the anrac.txt logfile: Feb 20 14:04:51.183 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:04:51.183 2494 DEBUG anikeimpl 2038 Enter, cmd(121) Feb 20 14:04:51.183 2494 DEBUG anikeimpl 2210 Attach Feb 20 14:04:51.183 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:04:51.183 2494 DEBUG anikeimpl 2038 Enter, cmd(113) Feb 20 14:04:51.183 2494 DEBUG anikeimpl 2196 Set local interface Feb 20 14:04:51.183 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:04:51.184 2494 DEBUG anikeimpl 2038 Enter, cmd(106) Feb 20 14:04:51.184 2494 DEBUG anikeimpl 2260 DNS Suffix is Feb 20 14:04:51.186 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:04:51.186 2494 DEBUG anikeimpl 2038 Enter, cmd(117) Feb 20 14:04:51.186 2494 INFO anikeimpl 2174 Add creds Feb 20 14:04:51.186 2494 INFO anikeimpl 2278 Send resp(56136) Feb 20 14:04:51.187 2494 INFO anikeimpl 2290 Send returned 1192(0) Feb 20 14:04:51.324 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:04:51.324 2494 DEBUG anikeimpl 2038 Enter, cmd(110) Feb 20 14:04:51.324 2494 DEBUG anikeimpl 2043 Add New IKE Session Feb 20 14:04:51.340 2494 INFO anrouteintf 913 Num Entries: 4 Feb 20 14:04:51.340 2494 DEBUG anrouteintf 920 Calling GetBestRoute(0x538ee46d) Feb 20 14:04:51.355 2494 INFO anrouteintf 855 Adapter ADdress is 0.0.0.0 Feb 20 14:04:51.355 2494 INFO anrouteintf 855 Adapter ADdress is 0.0.0.0 Feb 20 14:04:51.355 2494 INFO anrouteintf 855 Adapter ADdress is 0.0.0.0 Feb 20 14:04:51.355 2494 INFO anrouteintf 855 Adapter ADdress is 0.0.0.0 Feb 20 14:04:51.355 2494 INFO anrouteintf 855 Adapter ADdress is 192.168.1.59 Feb 20 14:04:51.355 2494 INFO anrouteintf 858 Adapter Name is Intel(R) WiFi Link 1000 BGN and type is 71 Feb 20 14:04:51.355 2494 INFO anrouteintf 929 IP Address[3]: 192.168.1.59 Feb 20 14:04:51.355 2494 INFO anikeimpl 1202 Current Interface address is 192.168.1.59 Feb 20 14:04:51.355 2494 ERROR ancrypto 149 Incorrect datalen Feb 20 14:04:51.355 2494 INFO anikeimpl 2119 Lifetime 28000 86400 7200 86400 Feb 20 14:04:51.355 2494 TRACE anikeimpl 279 EAP INFO Initialized EAP Feb 20 14:04:51.355 2494 TRACE anikeimpl 279 EAP INFO Created EAP Instance Feb 20 14:04:51.355 2494 INFO anikeimpl 2763 Using PSK for Authentication Feb 20 14:04:51.355 2494 INFO anikeimpl 2636 IKE LifeTmie options are 28000-86400, 7200-86400 Feb 20 14:04:51.355 2494 ERROR ancrypto 183 Incorrect datalen Feb 20 14:04:51.355 2494 TRACE anikeimpl 279 EAP INFO Destroyed EAP Instance Feb 20 14:04:51.355 2494 TRACE anikeimpl 279 EAP INFO Shutdown EAP Feb 20 14:04:51.355 2494 ERROR anikeimpl 2789 IKE_initServer() failed, status = 0 Feb 20 14:04:51.355 2494 TRACE anikeimpl 279 IKE INFO IKE server shutting down. Feb 20 14:04:51.355 2494 ERROR anikeimpl 2134 ike_init failed clean up IKE Feb 20 14:04:51.355 2494 DEBUG anikeimpl 498 EAP_init: Initialized EAP Instance Timer ID: 1 Initialized Timer ID: 2 Initialized EAP_initInstance: Create EAP Instance = 1 IKE_init: completed after (34.191) seconds. Timer ID: 1 Deleted Timer ID: 2 Deleted EAP_deleteInstance: Destroyed EAP instanceId = 1 EAP_shutdown: Shutdown EAP Instance Feb 20 14:10:39.276 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:10:39.276 2494 DEBUG anikeimpl 2038 Enter, cmd(121) Feb 20 14:10:39.276 2494 DEBUG anikeimpl 2210 Attach Feb 20 14:10:39.278 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:10:39.278 2494 DEBUG anikeimpl 2038 Enter, cmd(113) Feb 20 14:10:39.278 2494 DEBUG anikeimpl 2196 Set local interface Feb 20 14:10:39.278 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:10:39.279 2494 DEBUG anikeimpl 2038 Enter, cmd(106) Feb 20 14:10:39.279 2494 DEBUG anikeimpl 2260 DNS Suffix is Feb 20 14:10:39.279 2494 INFO anikeimpl 636 IPC Message Received Feb 20 14:10:39.279 2494 DEBUG anikeimpl 2038 Enter, cmd(110) Feb 20 14:10:39.279 2494 DEBUG anikeimpl 2043 Add New IKE Session Feb 20 14:10:39.289 2494 INFO anrouteintf 913 Num Entries: 4 Could anyone point me in the right direction to troubleshoot this problem? Thanks in advance.


  • 2.  RE: ERROR ancrypto 183 Incorrect datalen

    EMPLOYEE
    Posted Feb 20, 2012 11:31 AM

    What instructions did you use to configure the VIA client?

     

    the VIA-WEB method is only for when the user logs in to the controller download the VIA client.  We need the controller logs after that time.  We do not need the client-side logs at this point.

     

    Troubleshooting this issue can get very complicated and frustrating on a forum, so you might want to open a TAC case in parallel.

     



  • 3.  RE: ERROR ancrypto 183 Incorrect datalen

    Posted Feb 21, 2012 03:21 AM

    Hello and thanks for the reply!

    The instructions used are VIA-configuration-detail.pdf. 

    I'll go ahead and open a TAC case i think if thats what you recommend. Thanks in advance.



  • 4.  RE: ERROR ancrypto 183 Incorrect datalen

    EMPLOYEE
    Posted Feb 21, 2012 05:48 AM

    teex, did you try it with a device that is internal to your network first, to make sure it works?

     



  • 5.  RE: ERROR ancrypto 183 Incorrect datalen

    Posted Feb 22, 2012 02:23 AM

    Thanks for your answer.

    Yes I did and I have the same problem here aswell. As far as I can tell the logs on the controller dont tell me anything either.

    Please advice on how to proceed.



  • 6.  RE: ERROR ancrypto 183 Incorrect datalen
    Best Answer

    EMPLOYEE
    Posted Feb 22, 2012 09:04 AM

    Try to add a preshared key:

     

    config t

    crypto isakmp key testkey address "0.0.0.0" netmask "0.0.0.0"

     

    ...and see if it works.



  • 7.  RE: ERROR ancrypto 183 Incorrect datalen

    Posted Mar 01, 2012 03:31 AM
    Hello. Yes the psk was needed, aswell as having a DNS server configured under VPN Services along with the l2tp pool. Thanks for the help!