Hello,
I am trying to get CoA over Internet working between CPPM and an Instant VC.
I'll change the IP adresses for the explanations :
- My CPPM Server is accessible with a public IP 1.1.1.1
- My Instant VC has the private IP adress 192.168.0.254
- The Public IP Address of the site where the Instant Cluster is 2.2.2.2
So,
I first added the Instant VC as radius client on CPPM with the name of Instant-Demo and the IP 2.2.2.2 (the public ip). I also chose Aruba and activated CoA.
Then I added on the Instant VC my CPPM Server (1.1.1.1) with the NAS-IP of 2.2.2.2 and the NAS-ID of Instant-Demo. I made sure to select RFC 3576.
Last thing I did was to add an IP forwarding rule on my firewall where the Instant Cluster is, to redirect port 3799 to 192.168.0.254, for traffic coming from 1.1.1.1 and arriving on 2.2.2.2.
When I try to disconnect a visitor from CP Guest, It is loading a few seconds and an error is appearing, telling me to check Access Tracker. When I try manually to send the CoA message from the access tracker, the 'Failed to contact Access Control Service' appears.
Also, the application log in CP Guest give me this error message :
Client: 2.2.2.2:6742
App User: admin
Script: /guest/guest_sessions.php
Function: NwaGuestManager_GuestSessions_Disconnect
Arguments: array (
'error' => 1,
'message' => '{"content": {"cnc_actions": [{"status_message": "Radius [Aruba Terminate Session] failed for client 18af61cefdc8", "id": 1}]}, "id": "R000000b7-01-53d0fe74", "name": "cnc_response"}',
)
Does anyone have an idea of what could cause the problem ? I tried to find a way to test if the CoA message was making it to the Instant VC, but without any success. (Is that even possible ?)
Thanks a lot for your help.
Regards,
nice2k.