Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

RAPNG - did I miss something

This thread has been viewed 2 times

  • 1.  RAPNG - did I miss something

    Posted Mar 05, 2017 02:55 PM

    Hi guys. Still working in my labs. Been through the IAP-VPN section of the guide .... but after setting up i see that the RAP takes one IP from local pool, disconnects - reconnects with a new IP - disconnects... etc. 

     

    Mar 5 20:51:34 fpapps[5184]: <399838> <5189> <WARN> |fpapps| Received TUN_DOWN from IKE for 12.12.12.1-192.168.110.104
    Mar 5 20:51:34 fpapps[5184]: <399838> <5189> <WARN> |fpapps| Received TUN_UP from IKE for 12.12.12.1-192.168.110.105 mapid 0, vlanid 0, flags = 0x0 uplink_priority 0
    Mar 5 20:51:34 fpapps[5184]: <399841> <5189> <ERRS> |fpapps| |configuration| Configuration error: Unable to find the ipsec map for tunnel down event. ip 192.168.110.104 in procIkeIpsecMsg, arubaIpsecRouteUtils.c:421.



  • 2.  RE: RAPNG - did I miss something

    Posted Mar 05, 2017 11:16 PM

    Hi Jakob,

     

    Is there a firewall in between IAP/Controller which could be blocking IPSEC traffic?

     

    Is the IAP already whitelisted/ part of trusted branch-db on Controller?



  • 3.  RE: RAPNG - did I miss something

    Posted Mar 06, 2017 02:17 AM

    Hi

    thanks for getting back to me.

    The firewall is opened for UDP4500 and port forwarded to internal IP for controller, and IAP is behind a any-any firewall.

    Should probably mention: 

    - Controller is VMC standalone 8.0.1

    - IAP is 6.5.1.0-4.3.1.1_57902 - and controlled by Central.

     

    I find very little configuration possibilities in regards to VPN on Central; no NAT Traversal. 

     

    also - the guide mentions nothing in regards to routing for VPN traffic - but that should be handled by OSPF setup?