Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

No IPsec Tunnel between VMM (Hyper-V) and hardware MD

This thread has been viewed 16 times

  • 1.  No IPsec Tunnel between VMM (Hyper-V) and hardware MD

    Posted Sep 22, 2020 08:57 AM

    Hello Airheads,

     

    I'm having problems with a new Installation of two VMM's (running on Hyper-V) and four 7220 MDs. VMM's are already configured to the point, where L2 Master Redudancy is running. VRRP is working good now (after some stating issues).

    Problem is now that the IPsec Tunnel (using PSK) to the testing MD is not coming up. The MD is a brand new controller and was never in use before.

     

    VMM's log showing:

    Sep 22 14:23:29 isakmpd[5142]: <103103> <5142> <WARN> |ike| IKE SA Deletion: IKE2_delSa peer:10.6.0.17:4500 id:4133938274 errcode:ERR_IKESA_EXPIRED saflags:0x51 arflags:0x0

     

    MD log:

    Sep 22 14:24:01 isakmpd[3594]: <103103> <3594> <WARN> |ike| 10.6.0.22:4500-> IKE SA Deletion: IKE2_delSa peer:10.6.0.22:4500 id:4056671220 errcode:ERR_IKE_NOTIFY_PAYLOAD saflags:0x41000015 arflags:0x20

     

    It is also strange that the MD is not able to ping the VRRP IP (10.6.0.22) but is able to ping the VMM's (10.6.0.20 & 10.6.0.21).

     

    Does someone have an idea about this problem?



  • 2.  RE: No IPsec Tunnel between VMM (Hyper-V) and hardware MD
    Best Answer

    Posted Sep 24, 2020 06:50 AM

    Couldn't see the forest for the trees. Found my very dump error... Added local controller psk in the wrong location.

    For everyone having the same problem: Just add local controller IPsec key in the right location.

     

    I'm so ashamed about myself.