Wireless Access

New Contributor

CAP Deployment through IPSEC Tunnel not working

Hail Community,

Myself and several SE friends have been beating our heads against this one. Scenario:

AP-225--> Branch 7005--> LAN Switch(Simulated WAN)--> HQ 7010.

We have actually tested this between several devices terminating the IPSEC tunnel, all with the exact same result.

IPSEC between the BRANCH and HQ

CAP at the BRANCH gets a local DHCP with option 43 pointing it to the HQ controller to register

AP gets to the controller, registers, gets enough of the config to push out an SSID, but you cannot connect to the SSID.  The AP is showing up Dirty intermittently on the HQ Controller.  First off, FORGET that the BRANCH is a Controller, it is just used as an IPSEC termination, ADP is disabled.  The 2 obviously things we see are this, PAPI is timing out causing the AP to perpetually bootstrap reboot, looks like its working, but it isn't.  Next is that the largest df-flag packet-size we can ping through the tunnel is 932 EXACTLY.  

  • We have adjusted the MTU in the AP System SAP, and just about anywhere else, from the switch port and beyond, all to no avail and with the same results..  932
  • Enable/Disabled Jumbo frames
  • Messed with the AMON msg's
  • Set Bootstrap threshold to 15+
  • bcmc-optimized
  • different IPSEC versions

I mean we have tried everything we can think of.  If some one out that has seen this please chime in.  If you want to lab it up, it is literally 2 controllers, 1 AP, IPSEC tunnel, register the AP on the other side and make it work!!


Appreciate any assistance.



Guru Elite

Re: CAP Deployment through IPSEC Tunnel not working

Does the controller have control plane security enabled?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Aruba Employee

Re: CAP Deployment through IPSEC Tunnel not working

Still working on this?
Search Airheads
Showing results for 
Search instead for 
Did you mean: