Thanks Carson,
I will test your procedure, it will take me a little bit of time as I have converted my lab into testing the Virtual VPNC (with litle luck so far)
Original Message:
Sent: 4/11/2024 9:36:00 AM
From: chulcher
Subject: RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
If you take that AP that was associated on the internal network, convert the AP to a RAP while still on the internal network, then move the RAP to an AP group where the LMS entry points at the public IP address for the controller, that AP should be properly configured to work from a remote network. Test to see if that process works. If that doesn't work then there is likely a configuration issue to be looked at.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Apr 11, 2024 09:20 AM
From: mvanoverbeek
Subject: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
I think I was able to do that yes, the AP was working on the controller. Are there any special steps I should have followed?
Martijn Paul van Overbeek | Architect | | | |
Original Message:
Sent: 4/11/2024 9:15:00 AM
From: chulcher
Subject: RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
Can you get the AP associated with the controller by using the local network? Can you convert the AP to a RAP
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Apr 11, 2024 08:56 AM
From: mvanoverbeek
Subject: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
Hi Carson,
10.20.202.10 = VMC in standalone mode
97.140.15x.xx = Verizon IP address of Remote AP
The remote AP (345) is behind the FWA Verizon device
The VMC is behind a Fortigate Firewall and I had port-forwarding set up for UDP port 4500 and I am running NAT
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Apr 08, 2024 11:03 PM
From: chulcher
Subject: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
In your logs, what is talking to what? Which IP address is associated with which device? Is the VMC running in a cluster or standalone? Are you running NAT or directly with a public IP address?
What model is the AP and what software is the AP running?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Apr 08, 2024 08:49 PM
From: mvanoverbeek
Subject: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR
I am trying to test migration from Remote AP to Aruba central but am still new to Aruba in general. This means I actually never configured an Virtual Controller with Remote APs. I looked on Youtube, validated designs, and this forum, but now have to conclude I am unable to find any.
Can anyone point me to preferably a step-by-step on how to configure remote APs on a (virtual) controller running ArubaOS 8.10.0.10 LSR? This will really help me out testing the migration of Remote APs to Microbranch APs.
One thing I run into is that I cannot even access the AP through console, for some reason passwords do not get accepted, it does not accept the serial number or anything I know I use as a password. Logs below are from the VMC (i x-ed out three digits of my IP address)
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092063 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:d8324c00 OppSPI:50a96c00 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092064 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:dbf89d00 OppSPI:60b88a00 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092065 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:63d2da00 OppSPI:e5d18400 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
isakmpd[5624]: <103103> <5624> <WARN> |ike| 97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092066 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------