Wireless Access

Reply
Highlighted
Contributor I

RAP 8.5 over double nat'ted address

Under ArubaOS 6.5 I can connect a RAP-109 from a double nat'ted private address. Under 8.5 this is failing. Using certificate config on RAP doesn't work at all. Using username/pw on RAP I get multiple short tunnels. What changed? Is there a workaround? Using VMM, hardware 7220, RAP-109. RAP coming from 208.69.x.x address. Log from controller:

Feb 13 09:18:02 isakmpd[3846]: <103103> <3846> <WARN> |ike| IPSec SA Deletion: IPSEC_delSa SPI:eefd7b00 OppSPI:29c17e00 Dst:208.69.211.228 Src:129.82.168.24 flags:1001 dstPort:0 srcPort:0

 

# show crypto ipsec sa

208.69.211.228 129.82.168.24 192.168.193.33/32 0.0.0.0/0 UT Feb 14 07:18:08 192.168.193.33
208.69.211.228 129.82.168.24 192.168.193.60/32 0.0.0.0/0 UT Feb 14 08:12:44 192.168.193.60
208.69.211.228 129.82.168.24 192.168.193.57/32 0.0.0.0/0 UT Feb 14 08:06:42 192.168.193.57
208.69.211.228 129.82.168.24 192.168.193.53/32 0.0.0.0/0 UT Feb 14 07:58:40 192.168.193.53
208.69.211.228 129.82.168.24 192.168.193.28/32 0.0.0.0/0 UT Feb 14 07:08:05 192.168.193.28

IPSEC SA (V2) Active Session Information
-----------------------------------
Initiator IP Responder IP SPI(IN/OUT) Flags Start Time Inner IP
------------ ------------ ---------------- ----- --------------- --------
10.82.168.24 10.82.168.10 a2eba300/c763e700 UT2 Feb 14 09:02:37 -

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2
l = uplink load-balance

Total IPSEC SAs: 60

 

Thank you!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: