Controllerless Networks


iap-vpn to AOS8 virtual mobility controller

  • 1.  iap-vpn to AOS8 virtual mobility controller

    Posted Jun 11, 2018 10:20 AM

    Hi All,

     

    Has anyone had any success in setting up iap-vpn from an iAP cluster back to an AOS8 VMC? I've already seen the docs saying that this is only supported from 8.3.0.0 on virtual and have upgraded my test VMC to this release.

     

    I have tried exporting the default cert from the VMC and importing it on the iAP with no success; I keep seeing the errors below.

     

    Jun 11 15:18:25 authmgr[5603]: <522125> <5603> <WARN> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Jun 11 15:18:25 isakmpd[5526]: <103061> <5526> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert

     

    Nothing listed in the show iap table either.

     

    The DHCP pool for the IAPs seems to be getting consumed, as the in-use number keeps clocking up.

     

    (devtapl2002.stbc2.jstest2.net) [mynode] # show vpdn l2tp local pool

    IP addresses used in pool default
    192.168.201.140-192.168.201.149

    L2TP Pool statistics for all pools:

    IPv4/IPv6 Pool  Configured  Used    Free
    --------------  ----------  ------  ------
    IPv4            116         10      106
    IPv6            0           0       0

     

     

    User table on the controller seems to be being populated with data...

     

    (devtapl2002.stbc2.jstest2.net) [mynode] #show user
    This operation can take a while depending on number of users. Please be patient ....

    Users
    -----
    IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name User Type
    ---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- --------- ---------
    192.168.201.143 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.158 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.155 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.145 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.148 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.150 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.147 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.153 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.156 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.141 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.142 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.159 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.154 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    10.182.172.162 00:00:00:00:00:00 logon 00:00:13 VPN N/A tunnel WIRELESS
    192.168.201.144 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.149 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.151 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.146 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.152 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
    192.168.201.157 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    192.168.201.140 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
    10.182.188.163 00:00:00:00:00:00 logon 00:00:03 VPN N/A tunnel WIRELESS

     

     

    Thanks in advance,

    Matt.
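
As an added example (not part of the original post and not Aruba tooling): a small Python parser that groups the `show user` rows above by tunnel peer, showing how many L2TP pool addresses each IAP holds. The column positions are inferred from the rows in this thread and are an assumption; `parse_row`, `leases_per_peer` and `peers_over_limit` are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict

AGE = re.compile(r"^\d{2}:\d{2}:\d{2}$")        # Age(d:h:m) column
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Rows copied from the `show user` output in the post above (subset).
SAMPLE = """\
Users
-----
192.168.201.143 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.158 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.155 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.145 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.148 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
10.182.172.162 00:00:00:00:00:00 logon 00:00:13 VPN N/A tunnel WIRELESS
"""

def parse_row(line):
    """Return a dict for a user row, or None for headers and rulers."""
    tok = line.split()
    if len(tok) < 5 or not IPV4.match(tok[0]):
        return None
    # Name may be empty, so locate the Age token and work outwards from it.
    age = next((i for i in range(3, len(tok)) if AGE.match(tok[i])), None)
    if age is None:
        return None
    link = tok[age + 2] if len(tok) > age + 2 and IPV4.match(tok[age + 2]) else None
    return {"ip": tok[0], "name": " ".join(tok[2:age - 1]),
            "role": tok[age - 1], "vpn_link": link}

def leases_per_peer(text):
    """Map (name, vpn_link) -> sorted inner IPs held through that tunnel peer."""
    held = defaultdict(set)
    for row in filter(None, map(parse_row, text.splitlines())):
        if row["vpn_link"]:                      # skip the outer 'logon' entries
            held[(row["name"], row["vpn_link"])].add(row["ip"])
    return {k: sorted(v, key=ipaddress.ip_address) for k, v in held.items()}

def peers_over_limit(text, limit=1):
    """Peers holding more pool addresses than `limit` (assumption: one per peer is normal)."""
    return {k: v for k, v in leases_per_peer(text).items() if len(v) > limit}

if __name__ == "__main__":
    for (name, link), ips in peers_over_limit(SAMPLE).items():
        print(f"{name} via {link}: {len(ips)} addresses -> {', '.join(ips)}")
```
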

     

     

     



  • 2.  RE: iap-vpn to AOS8 virtual mobility controller

    Posted May 01, 2019 02:52 PM

    Hi All,

    I have the same problem. I am not able to terminate the VPN tunnel to VMC version 8.4.0.1.

    I have read that:

    "Through Activate, you can push only one default self-signed certificate to Instant AP which can be used to establish
    IPsec tunnel with Mobility Controller Virtual Appliance."

     

    I have terminated my IAP even on Activate, but can't find any option there to download the cert. Is it automatically downloading the cert from Activate, or do I need to do something there?

     

    The thing is that after connecting to Activate nothing has changed. The VPN tunnel is still not up on the IAP.