Wireless Access

 View Only
  • 1.  AP 305 / Remote AP Conversion

    Posted May 13, 2019 05:55 AM
      |   view attached

    Hello,

     

    I'm trying to convert instant AP into Remote AP with no sucess.

     

    Configuration...

    - AP whitelisted in Mobility Controller -> Access Points -> Whitelist -> Remote AP Whitelist

    - VPN L3 Authentication of default and default-rap set to "default". Default Server Group in "Auth Servers" is set to "Internal".

    - General VPN in Configuration -> Services -> VPN has "rap-pool" with start adress 1.1.1.10 and end adress 1.1.1.254.

     

    But without any success. When trying to convert, I'm getting info "VPN setup failed, please save the log in the popup window". There is no popup but when I log into AP I get attached output of "show log convert".

     

     

    Attachment(s)

    txt
    LOG.txt   8 KB 1 version


  • 2.  RE: AP 305 / Remote AP Conversion

    Posted May 13, 2019 06:22 AM

    What firmware is the IAP running? What firmware are you running on the controllers?

     

    Do you see the initial inbound request on the controllers when checking the datapath session?

     

    #show datapath session | include [IP IP ADDRESS]

     



  • 3.  RE: AP 305 / Remote AP Conversion

    Posted May 16, 2019 10:25 AM

    Hello,

     

    Thanks for reply, yes I do.

     

    (Arubaool1) [mynode] #show datapath session | include 10.15.80.242
    10.15.80.242 10.15.1.11 17 56326 4500 0/0 0 0 1 0/0/0 a 7 3360 FC
    10.15.1.11 10.15.80.242 17 4500 56326 0/0 0 0 1 0/0/0 b 3 749 F

     

    AP Version: 6.5.1.0-4.3.1.2_58595

    Controller Version: ArubaMC-VA,8.2.0.0



  • 4.  RE: AP 305 / Remote AP Conversion

    Posted May 21, 2019 01:58 PM

    Does anyone have an idea why is VPN connection is still failing? Thanks for your help! :-)



  • 5.  RE: AP 305 / Remote AP Conversion

    Posted May 21, 2019 02:16 PM
    Check the following:

    * Make sure the RAP wired mac is in the RAP Whitelist
    * Add RAP Pool (Inner IP assignment) under Services > VPN > General VPN
    * Add VPN Shared secret using wildcard for source 0.0.0.0 Services > VPN > Shared Secrets
    * Your firewall needs to allow 4500/UDP to allow the RAPs to build the IPSec tunnel

    Sent from Mail for Windows 10