Wireless Access

Reply
Occasional Contributor I

Problem Site to Site VPN

Hi guys,

 

I create one lab for test Site to Site VPN connection. My lab has 2 controllers 620 with VPN module enable.

 

Configuration:

 

Communication between Controller 1 and Controller 2 is ok. 

 

Controller 1 IP: 10.18.110.100

IPsec Map:

 

Crypto Map Template"TEST-VPN" 100

IKE Version: 1

IKEv1 Policy: 10001

Security association lifetime seconds : [300 -86400]

Security association lifetime kilobytes: N/A

PFS (Y/N): N

Transform sets={ default-transform }

Peer gateway: 10.10.10.5

Interface: VLAN 110

Source network: vlan 110

Destination network: 192.168.30.0/255.255.255.0

Pre-Connect (Y/N): Y

Tunnel Trusted (Y/N): Y

Forced NAT-T (Y/N): Y

Uplink Failover (Y/N): N

IP Compression (Y/N): N

 

Controller 2 IP: 10.10.10.5

Ipsec Map:

 

Crypto Map Template"TEST-VPN" 100

IKE Version: 1

IKEv1 Policy: 10001

Security association lifetime seconds : [300 -86400]

Security association lifetime kilobytes: N/A

PFS (Y/N): N

Transform sets={ default-transform }

Peer gateway: 10.18.110.100

Interface: VLAN 10

Source network: vlan 10

Destination network: 192.168.113.0/255.255.255.0

Pre-Connect (Y/N): Y

Tunnel Trusted (Y/N): Y

Forced NAT-T (Y/N): Y

Uplink Failover (Y/N): N

IP Compression (Y/N): N

 

Phase 1 is ok but Phase 2 doesn’t work:

 

Screen Shot 2017-11-23 at 11.07.17 AM.png

 

Logs:

 

Screen Shot 2017-11-23 at 11.06.39 AM.png

The above log shows problems related to IKE Phase 2. Does anyone know what might be happening?

 

Thanks!

 

Guru Elite

Re: Problem Site to Site VPN

What type of authentication do you have configured? It is probably good that you start with a simple example like the one here:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VPNs/Site_to_Site_VPNs.htm#vpns_1856148693_1006191 and then customize that to make your own.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: Problem Site to Site VPN

Hi Colin,

 

Thanks for help me!

I had followed this guide to make my Site to Site VPN. I used Ikev1 with 3DS+SHA and Pre-shared key. Both controllers are configured with Master role.

 

I check the pre-shared key passaword and test in other 2 controller. The error is same.  

 

Thanks,

 

Felipe.

Guru Elite

Re: Problem Site to Site VPN

It would seem that the parameters on the map in the controllers do not match.  the VPN goes through all the maps one by one looking for a match.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: