Introduction : When troubleshooting IPSec VPNs or master-local sync, TAC will sometimes ask the customer to provide mirrored IPSec data.
Environment : This article is valid for all Aruba controllers running 3.x and above.
Network Topology : We must have a PC with Wireshark running on it.
For best results:
1. This PC must have wired connectivity to the controller.
2. If the PC is wireless, we must make sure that it is in an authenticated role.
Configuration Steps : For 3.x to 6.2.x:
a. Enable IPSec session mirroring:
# firewall session-mirror-ipsec
b. Send the mirrored traffic to a packet capture capable device:
# firewall session-mirror-destination < destination ip_address >
For 6.3 and above:
a. Set the packet capture location:
# packet-capture destination ip-address < wireshark device >
b. Enable IPSec mirroring:
# packet-capture ipsec
Note: We can make the captures more granular by specifying the peer name:
# packet-capture ipsec < inner ip address of the ipsec peer >
Answer : Export the mirrored traffic from Wireshark and send it to TAC in one of these ways:
1. Email the captures to the TAC engineer if the captures are smaller than 10MB. Make sure that "support@arubanetworks.com" is copied before sending the email.
2. Upload to the case directly from the support site.
Troubleshooting:
a. Please check that the PC is not in the user table of the controller and is not falling into a role.
b. Make sure that there is ample bandwidth in the network path between the controller and the Wireshark device.