Wireless Access

Reply
Highlighted
Frequent Contributor II

Re: Trouble converting RAP tp CAP

here are the VPN Settings (attached image)vpn settings.jpg

Highlighted
MVP

Re: Trouble converting RAP tp CAP

Controller config is pretty straightforward - as explaiked by colin.

Make sure you have it whitelisted. Then from the inside try to provision it as a Rap towards the inside ip of your controller.

If that works - reprovision to the public facing IP.

UDP 4500 / Nat-T.

Also note that the internal-IP that you forward to should be in the same subnet as your controllers default gw is..

Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Highlighted
Frequent Contributor II

Re: Trouble converting RAP tp CAP

Thanks for the help so far. I tried again today, with no success.

 

I have the RAP's MAC whitelisted. It's in AP Installation/whitelist/remote AP. It is set to cert type = switch-cert and state is approved-ready-for-cert.

 

One thing I know not to do is to set control plane security to enabled! I just knocked out 90 AP's with that little experiment.

 

I tried to convert to both the internal address as well as the external. 

I currently have my AP connected to my internal LAN. It has been given a DHCP address of 10.1.0.112. My controller is at 10.1.1.38

I will try the earlier monitoring commands in this thread, now that I know the internal IP of the RAP

Highlighted
Frequent Contributor II

Re: Trouble converting RAP tp CAP

OK, doing a convert using 10.1.1.38 as my controller and 10.1.0.112 as my "Master" IP, then doing the commands:

show datapath session table 10.1.0.112 shows no data flowing

 

show crypto ipsec sa peer 10.1.0.112 shows no active IPSec SA.

 

here internally, I am going through a miniswitch to a switch port shared by this PC. So I'll next try putting it on its own port. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: