Controllerless Networks

Reply
Highlighted
Occasional Contributor II

iap-vpn to AOS8 virtual mobility controller

Hi All,

 

Has anyone had any success in setting up iap-vpn from an iAP cluster back to a AOS8 VMC?  I've already seen the docs saying that this is only supported from 8.3.0.0 on virtual and have upgraded my test VMC to this release.

 

I have tried exporting the default cert from the VMC and importing it on the iAP with no success, keep seeing the errors below.

 

Jun 11 15:18:25 authmgr[5603]: <522125> <5603> <WARN> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
Jun 11 15:18:25 isakmpd[5526]: <103061> <5526> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert

 

Nothing listed in the show iap table either.

 

DHCP pool for the IAPs seem to be getting consumed as the in use number keeps clocking up.

 

(devtapl2002.stbc2.jstest2.net) [mynode] # show vpdn l2tp local pool

IP addresses used in pool default
192.168.201.140-192.168.201.149

L2TP Pool statistics for all pools:

IPv4/IPv6 Pool Configured Used Free

-------------- ---------- ------ ------

IPv4 116 10 106

IPv6 0 0 0

 

 

User table on the controller seems to be being populated with data...

 

(devtapl2002.stbc2.jstest2.net) [mynode] #show user
This operation can take a while depending on number of users. Please be patient ....

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name User Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- --------- ---------
192.168.201.143 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.158 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.155 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.145 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.148 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.150 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.147 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.153 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.156 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.141 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.142 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.159 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.154 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
10.182.172.162 00:00:00:00:00:00 logon 00:00:13 VPN N/A tunnel WIRELESS
192.168.201.144 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.149 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.151 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.146 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.152 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.157 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.140 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
10.182.188.163 00:00:00:00:00:00 logon 00:00:03 VPN N/A tunnel WIRELESS

 

 

Thanks in advance,

Matt.

 

 

 

Occasional Contributor I

Re: iap-vpn to AOS8 virtual mobility controller

Hi All,

I have same problem. I am not able to terminate VPN tunnel to VMC  Version 8.4.0.1. 

I have read that:

"Through Activate, you can push only one default self-signed certificate to Instant AP which can be used to establish
IPsec tunnel with Mobility Controller Virtual Appliance."

 

I have terminated my IAP even on Activate, but can't find any option there to download cert. Is it automatically downloading cert from activate or do I need to do something there?

 

Thing is that after connection to activate nothing has been changed. Still VPN tunnel is not UP on IAP.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: