Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Remote AP connection via IPsec

  • 1.  Remote AP connection via IPsec

    Posted Jan 29, 2015 11:36 PM

    Hello:

    I am brand new to Aruba. I am testing some Aruba equipment right now. The APs that are local to my controller (7005) are working fine. The problem I have is with the 225AP at a remote location. Here is the basic setup:

    225 --SW--- PA(Firewall) ------IPSEC -------PA(Firewall) -------Controller 7005---DNS Server

    From the remote network, I can ping aruba-master and resolve it via nslookup. Once the AP got the DHCP address, I can ping the AP from the controller and the controller from the AP. But the AP will never associate with the controller.

    I have tried to console into the AP; it will sit at the Master: screen, then reboot. I did try to hardcode the controller IP. Once I did that, the AP showed up inside the controller with the I,D flag, but I cannot do anything to it. I tried to change the profile, but the AP never restarts.

    I did a capture on both ends of the firewall; some UDP aruba-papi traffic got dropped. I suspect the MTU across the tunnel was the problem. I dropped the MTU to 1400 but no luck.

    I did plug the AP into the local network at first and all worked fine, but once I relocated them, it stopped working...

    Has anyone run into a similar problem? Any suggestions would be appreciated.

    Gary


    #AP225


  • 2.  RE: Remote AP connection via IPsec

    EMPLOYEE
    Posted Jan 30, 2015 01:14 AM
    Go to configuration> wireless> ap configuration. Edit the ap-group that your access point is in. Expand Ap > System Profile. Click on Ap System Profile. If there is an LMS-IP, remove it.


  • 3.  RE: Remote AP connection via IPsec

    Posted Jan 30, 2015 02:50 AM

    Did you deploy the AP as a RAP or a CAP? Because as far as it looks, GRE will not pass the two firewalls you have. I advise you to pre-configure the AP as a RAP (it will be based on IPsec) and then your AP will be able to contact the controller without the ID.

    Read here:

    http://www.jeremygood.net/2010/04/how-to-deploy-aruba-remote-access-point_14.html

    or read this PDF:

    http://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/268/1/RAP%20Installation-Updated.pdf



  • 4.  RE: Remote AP connection via IPsec

    Posted Jun 01, 2015 02:33 PM

    Sorry for the late reply. We finally fixed the issue a couple of weeks ago. Aruba support kept having us run around during troubleshooting. At the end of the day, we figured out the problem was the MTU size; my initial MTU of 1150 was not small enough. Once we dropped it to 1100, it started working.

    Thanks for the suggestions. We can finally roll out the new solution.
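
The thread arrives at a working MTU by trial (1400, 1150, then 1100). As an added example that is not part of the original posts, the Python below measures the largest unfragmented packet a path carries by binary search with the don't-fragment bit set. The function names, the 576 to 1500 search range and the use of Linux iputils `ping` are assumptions of this example.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send up to 3 echo requests of `payload` bytes with DF set.

    Assumes Linux iputils ping; exit status 0 means at least one reply came back.
    """
    cmd = ["ping", "-M", "do", "-c", "3", "-W", "2", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Return the largest IP packet size in [low, high] that `probe` passes.

    `probe(payload_bytes)` returns True when an unfragmented packet carrying
    that ICMP payload is answered. Returns None if even `low` fails, which
    points at a reachability or filtering problem rather than MTU.
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None
    if probe(high - IP_ICMP_OVERHEAD):
        return high
    # Invariant from here on: `low` passes, `high` fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid
        else:
            high = mid
    return low


if __name__ == "__main__":
    host = sys.argv[1]  # e.g. the controller address, run from the remote subnet
    mtu = find_path_mtu(lambda size: ping_df(host, size))
    print("no reply even at the minimum size" if mtu is None else f"path MTU: {mtu}")
```

The result is the size of the whole IP packet, so any MTU configured for traffic crossing the tunnel has to be at or below it.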