Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Is IKE fragmentation supported in Aruba OS?

This thread has been viewed 4 times

  • 1.  Is IKE fragmentation supported in Aruba OS?

    Posted Dec 04, 2012 12:16 PM

    Hi!

     

    We're having some issues with native IPSEC VPN clients (booth in Windows and Mac OS X) connecting to our Aruba 3200-controller.   The clients are authenticating with certificates (IKE RSA AuthN). The same user certificates works great with wifi and while using the VIA-client. There seems to be some issues with IKE fragmentation according to the log files:

     

    --

    message_fragment_check Dropping IKE fragment because IKE fragmentation is not supported

    --

     

    Can anyone tell for sure if Aruba OS supports any form of IKE fragmentation? Or does someone has experience with equal setup and got it working?

     

    Thank you!

     

    /Fredrik.



  • 2.  RE: Is IKE fragmentation supported in Aruba OS?

    Posted Dec 28, 2012 04:46 AM

    The reason for the message of IKE fragment not supported looks like, that the MAC OS client is not sending the Fragmentation vendor ID in the IKE fragments. Hence the packets are dropped.

     

    You can find additional information about IKE fragmentation on

    http://msdn.microsoft.com/en-us/library/cc233458.aspx

    http://www.ietf.org/rfc/rfc2408.txt (Section 3.16)