Hi Tim,
Thanks for the reply. I have checked that the client cert is already in KeyChain.
i found this error log in the controller.
Feb 26 14:30:33 isakmpd[3542]: <103063> <3542> <DBUG> |ike| IKE2_delSa sa:0x1b59ce4 peer:118.99.107.65:63753 id:4082612045 err:-90036 saflags:a00051 arflags:1
Feb 26 14:30:33 isakmpd[3542]: <103063> <3542> <DBUG> |ike| IKE2_delSa: deleting IPSEC SA 118.99.107.65:63753 due to deletion of un-rekeyed IKE_SA
Feb 26 14:30:33 isakmpd[3542]: <103102> <3542> <INFO> |ike| IKE SA deleted for peer 118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message ver:2 serverInst:0 pktsize:444
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv: ip:118.99.107.65 port:2563 server:0 len:444 numSkts:24
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv:1369: IKE2_msgRecv Called
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_msgRecv: dwPeerAddr: 76636b41 wPeerPort: a03
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563->
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> #RECV 444 bytes from 118.99.107.65(2563) at 10.232.12.11 (3745283.426)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> spi={da4a525b68d8afe8 0000000000000000} np=SA
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> exchange=IKE_SA_INIT msgid=0 len=440
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_checkCookie notify-cookie ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IPSEC_findSaByIP addr:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IPSEC_findSaByIP pxSa:(nil) status:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IPSEC_findSaByIP finished with pxSa:(nil) status:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_checkCookie finished with ipsecSa:(nil) status:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> delete_cp_route entered with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> controlplaneRouteModify entered with ip:118.99.107.65/255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> controlplaneRouteModify after socket:44 with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> controlplaneRouteModify socket:44 request:35084 dev:tsgw rtflags:0 with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> ipc.c:controlplaneRouteModify:7524 Failed to Delete Route in Kernel: error:No such process
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> controlplaneRouteModify after ioctl sock:44 with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> controlplaneRouteModify after close sock:44 with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> delete_cp_route finished with ip:118.99.107.65
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> OutInfo notify-cookie
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> <-- R Notify: COOKIE#SEND 60 bytes to 118.99.107.65(2563) (3745283.427)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_SAMPLE_ikeXchgSend: server instance 0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> cleanup_and_free_context delete ctx memory
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message IKEv2 pkt status:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message ver:2 serverInst:0 pktsize:472
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv: ip:118.99.107.65 port:2563 server:0 len:472 numSkts:24
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv:1369: IKE2_msgRecv Called
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_msgRecv: dwPeerAddr: 76636b41 wPeerPort: a03
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563->
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> #RECV 472 bytes from 118.99.107.65(2563) at 10.232.12.11 (3745283.447)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> spi={da4a525b68d8afe8 0000000000000000} np=N
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> exchange=IKE_SA_INIT msgid=0 len=468
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_allocSa sa:0x1b4f7a4 peer:118.99.107.65:2563 id:1935128400 timestart:-549683849
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_xchgIn:1387
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_newXchg oExchange:34 bReq:0 dwMsgId:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InNotify notify-cookie
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTfm entered isakmp:0x77ec14
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_cipherSuite: TfmId:12 policy-enc:12 keylen:16 policy-keylen:32
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> --> R Notify: COOKIE (IKE) Proposal #1: IKE(9) ENCR_AES 128-BITS unsupported ENCR_
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_cipherSuite: TfmId:12 policy-enc:12 keylen:24 policy-keylen:32
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_cipherSuite: TfmId:12 policy-enc:12 keylen:32 policy-keylen:32
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> AES 192-BITS unsupported ENCR_AES 256-BITS PRF_HMAC_SHA1 PRF_HMAC_MD5 skipped PRF_
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_macSuite: TfmId:2 policy:10004 mac:2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_checkGroup good dh:2 policy:2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTfm Using Policy 10004, setting IKE_SA lifetime to 28800 seconds
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTfm: status=0 merror:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InSa: after ACCEPT status:0 bMatch:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InSa: after ACCEPT CHILD_SA before BREAK status:0 bMatch:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InKe initiator:NO
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InKe responder: grp:ike 2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_checkGroup good dh:2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> DH_allocateServer: postponing further processing until DH H/w completes
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> HMAC_SHA2_256 skipped PRF_HMAC_SHA2_384 skipped AUTH_HMAC_SHA1_96 DH_2 Notify:
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> NAT_DETECTION_SOURCE_IP NAT_D (peer/NAT): 1c 8a 5e c1 99 af 00 b1 12 db eb 04 58 ab 36 db 69 ea
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> 2f d9
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): 89 be 22 3b a0 37 cc 13 d3 0e e7 a1 47 9d
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> 43 61 1e 04 a5 b5
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: 88 f0 e3 14 9b 3f a4 8b 05 aa 7f 68 5f 0b 76 6b e1 86 cc b8
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba VIA detected
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba Fragmentation request is received
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Enabling Fragmentation for this SA
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: ac 4a 8e 30 60 4a 34 c8 d5 82 78 8c dd a7 82 d5 cd 80 10 01
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba VIA UDID detected
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: 56 49 41 20 41 75 74 68 20 50 72 6f 66 69 6c 65 20 3a 20 56 49 41 2d 74 65 73 74 2d 61 75
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> 74 68
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> check_aruba_vid: VIA Auth Profile : VIA-test-auth
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_msgRecv_resume dh1 pending, skipping outstanding send
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> group_get entered id:2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> group_get ike_group:0x5c9728
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> modp_init entered
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> group_get group:0xcf3774
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:311 rsa param allocated successfully
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:318 rsa result allocated successfully
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:327 rsa arg allocated successfully
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:372 plen = 24
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:431 nlm_crypto_do_op returned success, success code = 0
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| 118.99.107.65:2563-> xlp_lib.c:xlp_send_dh_request_x_ikev2:441 DH1 request: peer: 118.99.107.65 dhflags:1 sos_pending:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message IKEv2 pkt status:0
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| xlp_lib.c:xlp_rcv_response:691 Peer:118.99.107.65 obtained result frm param struct correctly from SAE response.
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| xlp_lib.c:process_xlp_dh1_response_ikev2:509 DH1 response: peer 118.99.107.65 sos_pending 0 grouplen 128
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| xlp_lib.c:xlp_send_dh_request_x_ikev2:444 DH2 request: peer: 118.99.107.65 dhflags:4 sos_pending:1
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| xlp_lib.c:xlp_rcv_response:691 Peer:118.99.107.65 obtained result frm param struct correctly from SAE response.
Feb 26 15:30:58 isakmpd[3542]: <103060> <3542> <DBUG> |ike| xlp_lib.c:process_xlp_dh2_response_ikev2:569 DH2 response: peer 118.99.107.65 sos_pending 0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| #SEND 345 bytes to 118.99.107.65(2563) (3745283.455)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message ver:2 serverInst:0 pktsize:368
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv: ip:118.99.107.65 port:2563 server:0 len:368 numSkts:24
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_EXAMPLE_IKE_msgRecv:1369: IKE2_msgRecv Called
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_msgRecv: dwPeerAddr: 76636b41 wPeerPort: a03
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563->
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> #RECV 368 bytes from 118.99.107.65(2563) at 10.232.12.11 (3745283.485)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> spi={da4a525b68d8afe8 1eb41896293189f1} np=E{IDi}
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> exchange=IKE_AUTH msgid=1 len=364
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_xchgIn:1387
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_newXchg oExchange:35 bReq:0 dwMsgId:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_newXchg before delXchg
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE2_delXchg Deleting exchange
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> authR_in
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InSa0: calling IKE2_newIPsecSa
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> --> R Notify: INITIAL_CONTACT VID: 88 f0 e3 14 9b 3f a4 8b 05 aa 7f 68 5f 0b 76 6b e1 86 cc
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> b8
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba VIA detected
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba Fragmentation request is received
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Enabling Fragmentation for this SA
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: ac 4a 8e 30 60 4a 34 c8 d5 82 78 8c dd a7 82 d5 cd 80 10 01
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Aruba VIA UDID detected
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InVid
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> VID: 56 49 41 20 41 75 74 68 20 50 72 6f 66 69 6c 65 20 3a 20 56 49 41 2d 74 65 73 74 2d 61 75
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> 74 68
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> check_aruba_vid: VIA Auth Profile : VIA-test-auth
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InCp
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CFG_REQUEST
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CheckCfgAttr type:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CheckCfgAttr type:2
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CheckCfgAttr type:3
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CheckCfgAttr type:4
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> CheckCfgAttr type:5
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InCp : detected VPN client
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs entered
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs # of TS:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs no:0 IPV4 addr:0.0.0.0 end:255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IP4_ADDRESS IP4_NETMASK IP4_DNS IP4_NBNS ADDR_EXP TSi: 0.0.0.0~255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs responder: the remote switch ip is :: pxIPsecSa->dwIP 0.0.0.0 pxIPsecSa->dwIPEnd 255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs entered
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs # of TS:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs no:1 IPV4 addr:0.0.0.0 end:255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> TSr: 0.0.0.0~255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> InTs responder: the remote switch ip is :: pxIPsecSa->dwIP 0.0.0.0 pxIPsecSa->dwIPEnd 255.255.255.255
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Notify: MOBIKE_SUPPORTEDEAP_authStateTransition: Transition Session 1:NULL from State NoState
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> to AuthDisabled
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_sessionCreate: Created EAP Session = 1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_sessionRestart: Restart EAP, sessionId = 1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_sessionRestart: Full restart EAP, sessionId = 1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_passthruProcessULTransmit: Session 1:NULL Transmit Code 1, Type 1 Method State
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_METHOD_STATE_CONTINUE
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_authStateTransition: Transition Session 1:NULL from State AuthDisabled to AuthSendRequest
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> EAP_authStateTransition: Transition Session 1:NULL from State AuthSendRequest to AuthIdle
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> DoSa2_R : detected VPN client
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> authR_out
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_useCert certchain:(nil)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_CUSTOM_useCert group ca-cert: bits: rsa:0 ec:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_CUSTOM_useCert: found valid Server-Cert:idjktpsy06wlc01
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_CUSTOM_useCert: got 1 certs
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> UseCustomCert: certNum:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_certSetChain num:1
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_certSetChain index:0 cert-len:1690 cert:0xb6f1e4 key:0xdab8dc keylen:2017
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_certSetChain status:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> OutId: status:0 authmtd:0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> <-- R HASH_r 3e 2a 6d 06 f0 ef 68 24 df 1e 28 b0 ec 83 d4 ad d2 33 8a 7b a1 6e 77 4b 02 78 c6
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> 2f ac a8 fa a5
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> #SEND 2144 bytes to 118.99.107.65(2563) (3745283.587)
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Sending no:1 fragment out of 3 fragments, size = 900
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_SAMPLE_ikeXchgSend: server instance 0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Sending no:2 fragment out of 3 fragments, size = 900
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_SAMPLE_ikeXchgSend: server instance 0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> Sending last fragment, size = 432
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> IKE_SAMPLE_ikeXchgSend: server instance 0
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> cleanup_and_free_context delete ctx memory
Feb 26 15:30:58 isakmpd[3542]: <103063> <3542> <DBUG> |ike| 118.99.107.65:2563-> udp_encap_handle_message IKEv2 pkt status:0
Feb 26 15:31:39 isakmpd[3542]: <103063> <3542> <DBUG> |ike| IKE2_delSa sa:0x1b4f7a4 peer:118.99.107.65:2563 id:4082612048 err:-90036 saflags:a00051 arflags:1
Feb 26 15:31:39 isakmpd[3542]: <103063> <3542> <DBUG> |ike| IKE2_delSa: deleting IPSEC SA 118.99.107.65:2563 due to deletion of un-rekeyed IKE_SA
Feb 26 15:31:39 isakmpd[3542]: <103102> <3542> <INFO> |ike| IKE SA deleted for peer 118.99.107.65
------------------------------
Ananda Perdana
------------------------------
Original Message:
Sent: Feb 23, 2021 04:58 PM
From: Tim C
Subject: MacOS VIA Connection with EAP-TLS
2021-02-23 12:36:53,733 ERROR - viaplugin_cert:findCertificateInStore:241 failed to find cert reference
The required certificate could not be found.
------------------------------
Tim C
Original Message:
Sent: Feb 23, 2021 04:32 AM
From: Ananda Perdana
Subject: MacOS VIA Connection with EAP-TLS
Hi, currently i'm working on Aruba VIA with MacOS and Windows. I already configured VIA connection profile to use EAP-TLS. It is working as expected for Windows, but somehow when we try to connect with MacOS we find an error. My question is there any additional configuration needs to be added to support MacOS? i tried to find it online but haven't got anything yet. Please help
Here's some of the details :
Mobility Master : 8.3.0.7
Clearpass : 6.7.11
MacOS : Catalina 10.15.7
i attached the log from VIA Agent.
------------------------------
Ananda Perdana
------------------------------