Thanks! Appreciate you taking the time! Will provide additional information below.
No recent change apart from the physical move of controller within infrastructure. The controller retained its IP-address, but is now communicating through a different firewall (MAC).
I had a few sample/test RAPs deployed previously, but neither is currently working.
The RAP is communicating through a NAT-device at its current location.
If by role of controller you mean master/slave. This is the master - no cluster deployment. This is the single controller in production.
I believe the RAP is authenticated using cert, but hope to be able to confirm. Perhaps you can judge by output from the aaa auth profile?
No TAC case. If this all turns out to be too big a deal I will seek some on-site assistance, but wanted to run it by the forum first :)
------------
VPN Authentication Profile "default-rap" (Predefined (changed))
---------------------------------------------------------------
Parameter Value
--------- -----
Server Group default
RADIUS Accounting Server Group N/A
Max Authentication failures 0
Check certificate common name against AAA server Enabled
Export VPN IP address as a route Enabled
User idle timeout N/A
PAN Firewall Integration Disabled
-------
(Aruba3200) #show user-table verbose | include 000b8682ea64
<no output>
-------
show log security 100 | include <RAP public IP-address>
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> #RECV 423 bytes from 78.70.34.220(34070) at 192.168.1.10 (3629731.765)
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> spi={30ed14eb18ddd12a 0000000000000000} np=SA
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> exchange=IKE_SA_INIT msgid=0 len=419
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> check_aruba_ap_vid: aruba ap eth0 mac address 000b8682ea64 vidLen = 26
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie notify-cookie ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP addr:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP pxSa:(nil) status:0
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP finished with pxSa:(nil) status:0
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie finished with ipsecSa:(nil) status:0
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route entered with ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify entered with ip:4e4622dc/ffffffff
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after socket:35 with ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify socket:35 request:35084 dev:tsgw rtflags:0 with ip:78.70.34.220
May 17 08:32:48 :103060: <DBUG> |ike| 78.70.34.220:34070-> ipc.c:controlplaneRouteModify:5187 Failed to Delete Route in Kernel: error:No such process
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after ioctl sock:35 with ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after close sock:35 with ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route finished with ip:78.70.34.220
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutInfo notify-cookie
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutCp entered
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> <-- R Notify: COOKIE#SEND 60 bytes to 78.70.34.220(34070) (3629731.772)
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> cleanup_and_free_context delete ctx memory
May 17 08:32:48 :103063: <DBUG> |ike| 78.70.34.220:34070-> udp_encap_handle_message IKEv2 pkt status:0
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> udp_encap_handle_message ver:2 serverInst:0 pktsize:423
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE_EXAMPLE_IKE_msgRecv: ip:4e4622dc port:34070 server:0 len:423 numSkts:6
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070->
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> #RECV 423 bytes from 78.70.34.220(34070) at 192.168.1.10 (3629736.765)
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> spi={30ed14eb18ddd12a 0000000000000000} np=SA
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> exchange=IKE_SA_INIT msgid=0 len=419
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> check_aruba_ap_vid: aruba ap eth0 mac address 000b8682ea64 vidLen = 26
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie notify-cookie ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP addr:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP pxSa:(nil) status:0
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP finished with pxSa:(nil) status:0
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie finished with ipsecSa:(nil) status:0
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route entered with ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify entered with ip:4e4622dc/ffffffff
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after socket:35 with ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify socket:35 request:35084 dev:tsgw rtflags:0 with ip:78.70.34.220
May 17 08:32:53 :103060: <DBUG> |ike| 78.70.34.220:34070-> ipc.c:controlplaneRouteModify:5187 Failed to Delete Route in Kernel: error:No such process
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after ioctl sock:35 with ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after close sock:35 with ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route finished with ip:78.70.34.220
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutInfo notify-cookie
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutCp entered
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> <-- R Notify: COOKIE#SEND 60 bytes to 78.70.34.220(34070) (3629736.772)
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> cleanup_and_free_context delete ctx memory
May 17 08:32:53 :103063: <DBUG> |ike| 78.70.34.220:34070-> udp_encap_handle_message IKEv2 pkt status:0
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> udp_encap_handle_message ver:2 serverInst:0 pktsize:423
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE_EXAMPLE_IKE_msgRecv: ip:4e4622dc port:34070 server:0 len:423 numSkts:6
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070->
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> #RECV 423 bytes from 78.70.34.220(34070) at 192.168.1.10 (3629741.767)
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> spi={30ed14eb18ddd12a 0000000000000000} np=SA
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> exchange=IKE_SA_INIT msgid=0 len=419
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> check_aruba_ap_vid: aruba ap eth0 mac address 000b8682ea64 vidLen = 26
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie notify-cookie ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP addr:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP pxSa:(nil) status:0
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IPSEC_findSaByIP finished with pxSa:(nil) status:0
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> IKE2_checkCookie finished with ipsecSa:(nil) status:0
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route entered with ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify entered with ip:4e4622dc/ffffffff
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after socket:35 with ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify socket:35 request:35084 dev:tsgw rtflags:0 with ip:78.70.34.220
May 17 08:32:58 :103060: <DBUG> |ike| 78.70.34.220:34070-> ipc.c:controlplaneRouteModify:5187 Failed to Delete Route in Kernel: error:No such process
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after ioctl sock:35 with ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> controlplaneRouteModify after close sock:35 with ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> delete_cp_route finished with ip:78.70.34.220
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutInfo notify-cookie
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> OutCp entered
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> <-- R Notify: COOKIE#SEND 60 bytes to 78.70.34.220(34070) (3629741.774)
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> cleanup_and_free_context delete ctx memory
May 17 08:32:58 :103063: <DBUG> |ike| 78.70.34.220:34070-> udp_encap_handle_message IKEv2 pkt status:0
--------
(Aruba3200) #show tpm errorlog
Could not find any Error Logs for TPM and Certificates.