Wireless Access

Reply
Contributor I

Virtual Mobility Controller and IAP-VPN

Hi,

 

I try the VMC (Virtual Mobility Controller) 8.0.1 with IAP-VPN but don't work...

 

i get the following error on security log :

isakmpd[5126]: <103061> <5126> <ERRS> |ike|   IKE_CUSTOM_useCert: can't find Server-Cert

 

Any idea ?

Contributor I

Re: Virtual Mobility Controller and IAP-VPN

This must be something to do with the fact that the x86 VMC doesn't have a TPM / factory cert.

 

I'm getting exactly the same behaviour when trying to convert an IAP-207 to a RAP:

 

From Controller:

Apr 25 15:08:58 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert
Apr 25 15:10:02 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert
Apr 25 15:11:05 <isakmpd 103061> <5314> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert

 

2017-04-25 03:09:32 ConnectTo: <public IP>
2017-04-25 03:09:32 SEND: cf1a3837ac4d970a : 0000000000000000 , np=33, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 RECV: cf1a3837ac4d970a : 0000000000000000 , np=41, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 SEND: cf1a3837ac4d970a : 0000000000000000 , np=41, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 RECV: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=33, EXHG: IKE_SA_INIT
2017-04-25 03:09:33 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:37 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:43 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:48 SEND: cf1a3837ac4d970a : 9d7fafd274f753f0 , np=46, EXHG: IKE_AUTH
2017-04-25 03:09:53IKE FAILED err: RC_ERROR_IKEP2_PKT1

 

 

Re: Virtual Mobility Controller and IAP-VPN


Chris_Denham wrote:

This must be something to do with the fact that the x86 VMC doesn't have a TPM / factory cert.



Yes...

 

No news/idea ?

ACMP 6.4 / ACMX #107 / ACCP 6.5
Occasional Contributor I

Re: Virtual Mobility Controller and IAP-VPN

Anything new on this VPN issue with Virtual Controller to solve?

 

Att,

apaiva

Re: Virtual Mobility Controller and IAP-VPN


apaiva@arpsist.com.br wrote:

Anything new on this VPN issue with Virtual Controller to solve?

 

Att,

apaiva


Get a feedback of TAC, need to try with custom certificate...

ACMP 6.4 / ACMX #107 / ACCP 6.5
New Contributor

Re: Virtual Mobility Controller and IAP-VPN

Hello,

 

It seems that IAP VPN is only supported on hardware controllers.

 

http://www.arubanetworks.com/techdocs/ArubaOS_801_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/IAP VPN Support/IAP_VPN_Support.htm%3FTocPath%3DArubaOS%2520User%2520Guide%7CInstant%2520AP%2520VPN%2520Support%7C_____0

 

 
IAP VPN is supported only on hardware mobility controllers (7000 Series and 7200 Series) including controllers that are stand-alone or managed by Mobility Master. However, IAP VPN termination is not currently supported on virtual mobility controllers. Masters (Mobility Master and Master Controller Mode) do not support any AP termination including campus APs, remote APs and IAP VPN tunnels.

Re: Virtual Mobility Controller and IAP-VPN

Yes, it is only supported on hardware controller...

 

but you can use GRE Tunnel !

ACMP 6.4 / ACMX #107 / ACCP 6.5
Occasional Contributor II

Re: Virtual Mobility Controller and IAP-VPN

Hello there

How can I start with GRE tunnel between IAP and virtual controler ver.8.3? Its not working for me.

Guru Elite

Re: Virtual Mobility Controller and IAP-VPN

Please see the "ArubaOS 8.3.0.x User Guide.pdf" guide here:  https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/29620/Default.aspx  Download the PDF and go to Chapter 45 (page 1019), "Instant IAP-VPN Support" to get started.  There is a subsection called "VPN configuration" that describes how to configure IAP-VPN.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Virtual Mobility Controller and IAP-VPN


@cjoseph wrote:

Please see the "ArubaOS 8.3.0.x User Guide.pdf" guide here:  https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/29620/Default.aspx  Download the PDF and go to Chapter 45 (page 1019), "Instant IAP-VPN Support" to get started.  There is a subsection called "VPN configuration" that describes how to configure IAP-VPN.


There is only

 

Starting from ArubaOS 8.3.0.0, IAP-VPN is supported on Mobility Controller Virtual Appliance by using default
self-signed certificate (Aruba PKI). For Instant AP to establish IPsec connection with Mobility Controller Virtual
Appliance, the controller presents a default self-signed certificate which is uploaded on the Instant AP using
Activate.

 

I will be nice to have a real example...

ACMP 6.4 / ACMX #107 / ACCP 6.5
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: