Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IAP-203H Remote AP Conversion failed

This thread has been viewed 4 times

  • 1.  IAP-203H Remote AP Conversion failed

    Posted May 30, 2018 04:36 AM

    Have anyone the same problem, that an IAP-203H can't open a VPN Tunnel to the Wireless Controller?



  • 2.  RE: IAP-203H Remote AP Conversion failed

    EMPLOYEE
    Posted May 30, 2018 12:01 PM

    We would need more specifics in order to offer much help here. Are there any RAPs working on the controller you are using to convert the IAP-203H? Has the 203H been whitelisted with the controller? What version of AOS is the controller currently running?



  • 3.  RE: IAP-203H Remote AP Conversion failed

    Posted May 30, 2018 12:13 PM
    Yes there are other RAPs on the Controller, like some 303H and RAP3‘s... the Controller is running aos 6.5.4.6.
    and yes i have whitelisted the 203H before testing. I did this with a second 203h and it is the same issue


  • 4.  RE: IAP-203H Remote AP Conversion failed

    EMPLOYEE
    Posted Jul 06, 2018 06:13 AM

    I have exactly the same problem. Other AP models were able to successfully be converted except 203H. I have 205H, 207, 225 connected as RAPs to my controller running 6.5.4.6 (this also happened with 6.5.3.1). I have tried 2 units of 203H and both failed.

    I whitelisted them but only the 203H had vpn error:

     

    Jul 6 09:40:49 cli[3136]: [primary tunnel] cli_proc_rapper_msg(864): Receive rapper msg from 59168 port.
    Jul 6 09:40:49 cli[3136]: [primary tunnel] Error!!!: Received RC_OPCODE_ERROR lms 11x.2xx.8x.2xx tunnel 0.0.0.0 RC_ERROR_IKEP2_PKT1 debug-error:-8949
    Jul 6 09:40:49 cli[3136]: [primary tunnel] tunnel_err_msg_recv(1602): Error!!! Received RC_OPCODE_ERROR peer public ip 11x.2xx.8x.2xx tunnel ip 0.0.0.0, controller ip 0.0.0.0, RC_ERROR_IKEP2_PKT1 debug-error:-8949
    Jul 6 09:40:49 cli[3136]: tunnel_err_msg_recv 1624: Cause tunnel down by ipsec error, index primary tunnel



  • 5.  RE: IAP-203H Remote AP Conversion failed

    MVP EXPERT
    Posted Jul 06, 2018 06:20 AM

    Have you got sufficient free IPs in your RAP IP Pool?

     

    Received RC_OPCODE_ERROR peer public ip 11x.2xx.8x.2xx tunnel ip 0.0.0.0, controller ip 0.0.0.0, RC_ERROR_IKEP2_PKT1 debug-error:-8949


  • 6.  RE: IAP-203H Remote AP Conversion failed

    EMPLOYEE
    Posted Jul 06, 2018 07:15 AM

    I did use a RAP IP Pool but instead manually assigning IP when whitelisting the 203H. Same thing for 205H and 207. I have confirmed that there are no conflicts for the addresses whitelisted.



  • 7.  RE: IAP-203H Remote AP Conversion failed

    EMPLOYEE
    Posted Jul 06, 2018 07:22 AM

    Sorry I meant "I did not use RAP IP Pool"



  • 8.  RE: IAP-203H Remote AP Conversion failed

    Posted Nov 13, 2018 07:28 AM

    We faced same behavior and checked that this message appeared in log security:

     

    IKE_certGetKey: Found policy oid for low-assurance PKI but devices using this PKI are not allowed.

     

    So we are not sure if this device is non-TPM but addind this line in configure mode solved the issue:

     

    crypto-local pki allow-low-assurance-devices