Branch MD -> VPNC MD -> MM

Struggling to get this working and the information out there isn't great. I have my MM/Backup up and running, and my VPNC/Backup up and running. There is an L3 boundary between them, but no firewall.

I've configured my Branch MD and can see crypto ipsec up between it and my VPNC MD. However, the Branch MD cannot connect to the MM?!?

 

Steps so far:

  • Added Branch MD to MM Controller list using factory-cert.
  • Added Hub and Spoke to VPNC MDs, again using factory-cert.
  • Configured both VPNC MDs as VPNCs and added my Branch MD to the list. VPNC configured as manual (no activate in my scenario).
  • Added crypto-local isakmp route to my Branch MD for the management VLAN.

 

What can I see?

  • On the Branch MD, I can ping my VPNC MD management address.
  • Tunnel on Branch MD shows the below.
    • Initiator IP - Branch MD IP.
    • Responder IP - Public IP of VPNC MD.
    • Flags - UT2.
    • Inner IP - Nothing.
  • Tunnel on VPNC MD shows the below.
    • Initiator IP - Public IP of Branch MD.
    • Responder IP - Public IP of VPNC MD.
    • Flags - UT2.
    • Inner IP - Nothing.
  • On the Branch MD, I can see a route to my VPNC MD and MM.
    • I (MM Subnet) [0/256] ipsec map management-vpnc.
    • C (VPNC MD IP) is an ipsec map management-vpnc.
  • On the VPNC MD, I can see a route to my Branch MD.
    • C (Branch MD IP) is an ipsec map default-vpnip-master-ipsecmap-xx:xx:xx:xx:xx:xx

If anyone can see anything obvious, please shout as this is driving me nuts!

Any amount of Kudos will be greatly appreciated!!!

Re: Branch MD -> VPNC MD -> MM

What is the routing table on the MM? Since it is on a different L3 segment from the VPNC, does it know about the Branch's subnet and how to route to the VPNC in order to reach the branch? 

 

It looks like most of the routing is being done statically rather than dynamically, so start there for each of the nodes along the way.


Charlie Clemmer
Aruba Customer Engineering