What is the IPsec Max Retries on the AP System Profile used for?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and access points that support RAP configuration. This article also applies to versions of ArubaOS after 3.4 that support the APs.


In case connectivity between a remote AP and the controller is lost, the IPsec Max Retries value governs the number of times the RAP tries to rebuild the IPsec tunnel before the RAP resets or reboots.


The default value is 360 retries, and it can be modified to suit the network latency requirements. However, if you decrease the value and the WAN fluctuates, the RAP may reboot too often. With the default, the 360 retries, at about 2 seconds between retries, go on for about 15-20 minutes, depending on the network latency, which governs the time each retry takes.


To modify the default value from the CLI:


(orion.arubanetworks.com) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(arubanetworks.com) (config) #ap system-profile default
(arubanetworks.com) (AP system profile "default") #number_ipsec_retries ?
<number_ipsec_retries> Number of times RAP will try to retry IPSEC with master, after which it will reboot. 0 disables the reboot. Range: 0-1000. Default: 360.


To modify the default value from the GUI:


Navigate to Configuration > AP Configuration > Edit AP Group > AP > AP System Profile. Modify the Number of IPsec Retries.

Version history
Revision #: 1 of 1
Last update: 07-02-2014 06:31 PM