Hi
I am new to the AOS and have 7010 for evaluation for VPN GW
I am trying to config basic setup of Windows 10 VIA 4.4 to connect to standalone controller 7010 with AOS 8.9.3 with local user and interface
I used the Aruba SD-Branch from scratch - Part 6 - and the user manual in order to configure the required configuration but the VIA not able to complete the connection
the VIA download the profile but not able to establish
The log I can see in the Diagnostic log that IKESA_EXPIRED without explain why
isakmpd[3809]: <103103> <3809> <WARN> |ike| IKE SA Deletion: IKE2_delSa peer:10.201.162.101:50277 id:3957132487 errcode:ERR_IKESA_EXPIRED saflags:0xa00051 arflags:0x1
I enabled the debug for the security and see a lot of messages and cannot understand what is the issue
Hope if someone can help with that
isakmpd[3809]: <103063> <3809> <DBUG> |ike| modp_free entered
isakmpd[3809]: <103060> <3809> <DBUG> |ike| xlp_lib.c:process_xlp_dh2_response_ikev2:585 DH2 completed successfully
isakmpd[3809]: <103063> <3809> <DBUG> |ike| OutTfm_R
isakmpd[3809]: <103063> <3809> <DBUG> |ike| OutKe Responder grp:ike 2
isakmpd[3809]: <103063> <3809> <DBUG> |ike| <-- R NAT_D (us): ce 40 77 f9 d1 7b 57 6b 40 5f 84 a2 0d cf 99 b4 a9 a0 7e 27
isakmpd[3809]: <103063> <3809> <DBUG> |ike| NAT_D (peer): 59 e8 64 c7 3f 0a d4 bf 9b fd ee d6 8b 14 15 22 3f 48 30 3e
isakmpd[3809]: <103063> <3809> <DBUG> |ike| OutVid: added Fragmentation vendor-id
isakmpd[3809]: <103063> <3809> <DBUG> |ike| #SEND 345 bytes to 10.201.162.101(64616) (259033.332)
isakmpd[3809]: <103063> <3809> <DBUG> |ike| IKE_SAMPLE_ikeXchgSend: server instance 1 sktDescr 3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| cleanup_and_free_context delete ctx memory
isakmpd[3809]: <103063> <3809> <DBUG> |ike| initR_in_Continued: IKE2_msgRecv_resume status:0
isakmpd[3809]: <103063> <3809> <DBUG> |ike| xlp_rcv_response: Nothing to be read from cryptolib fd
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> udp_encap_handle_message ver:2 serverInst:1 pktsize:496
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_EXAMPLE_IKE_msgRecv: ip:10.201.162.101 port:64616 server:1 len:496 numSkts:8
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_EXAMPLE_IKE_msgRecv:1533: IKE2_msgRecv Called
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE2_msgRecv: dwPeerAddr: ac9a265 wPeerPort: fc68
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616->
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> #RECV 496 bytes from 10.201.162.101(64616) at 10.201.161.222 (259033.439)
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> spi={bd89a25d388ad654 832fcc3f921f1381} np=E{IDi}
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> exchange=IKE_AUTH msgid=1 len=492
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE2_xchgIn:1409
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE2_newXchg oExchange:35 bReq:0 dwMsgId:1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE2_newXchg before delXchg
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE2_delXchg Deleting exchange
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> authR_in
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InSa0: calling IKE2_newIPsecSa
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InVid
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> --> R Notify: INITIAL_CONTACT VID: 88 f0 e3 14 9b 3f a4 8b 05 aa 7f 68 5f 0b 76 6b e1 86 cc
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> b8
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Setting CLIENT flag for VIA Client
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Aruba VIA detected
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InVid
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Aruba Fragmentation request is received
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Enabling Fragmentation for this SA
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InVid
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> VID: ac 4a 8e 30 60 4a 34 c8 d5 82 78 8c dd a7 d4 85 64 cd 38 fc
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Aruba VIA UDID detected
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InVid
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> VID: 56 49 41 20 41 75 74 68 20 50 72 6f 66 69 6c 65 20 3a 20 76 69 61 61 75 74 68
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> check_aruba_vid: VIA Auth Profile : viaauth
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InVid
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> VID: 56 49 41 20 53 79 73 20 49 6e 66 6f 20 3a 20 3c 4f 53 3a 20 4d 69 63 72 6f 73 6f 66 74 20
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> 57 69
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> 6e 64 6f 77 73 20 38 20 42 75 73 69 6e 65 73 73 20 45 64 69 74 69 6f 6e 2c 20 36 34 2d 62 69 74
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> 20 3e 3c 48 6f 73 74 3a 20 44 45 53 4b 54 4f 50 2d 38 4f 4c 43 4e 42 4e 3e 00
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Aruba VIA OS detected
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InCp
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CFG_REQUEST
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:2
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:4
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:6
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:13
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> CheckCfgAttr type:7
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IP4_ADDRESS IP4_NETMASK IP4_DNS IP4_NBNS IP4_DHCP IP4_SUBNET APP_VER("Aruba V
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InCp : detected VPN client
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs entered
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs # of TS:1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs no:0 IPV4 addr:0.0.0.0 end:255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> PN Client Version = 1.0") TSi: 0.0.0.0~255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs responder: the remote switch ip is :: pxIPsecSa->dwIP 0.0.0.0 pxIPsecSa->dwIPEnd 255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs entered
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs # of TS:1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs no:1 IPV4 addr:0.0.0.0 end:255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> TSr: 0.0.0.0~255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> InTs responder: the remote switch ip is :: pxIPsecSa->dwIP 0.0.0.0 pxIPsecSa->dwIPEnd 255.255.255.255
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Notify: MOBIKE_SUPPORTEDEAP_authStateTransition: Transition Session 1:NULL from State NoState
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> to AuthDisabled
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_sessionCreate: Created EAP Session = 1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_sessionRestart: Restart EAP sessionId = 1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_sessionRestart: Full restart EAP sessionId = 1
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_passthruProcessULTransmit: Session 1:NULL Transmit Code 1 Type 1 Method State
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_METHOD_STATE_CONTINUE
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_authStateTransition: Transition Session 1:NULL from State AuthDisabled to AuthSendRequest
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> EAP_authStateTransition: Transition Session 1:NULL from State AuthSendRequest to AuthIdle
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> DoSa2_R : detected VPN client
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> authR_out
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_useCert certchain:(nil)
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_CUSTOM_useCert group ca-cert: bits: rsa:0 ec:0
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_CUSTOM_useCert: found valid Server-Cert:Server2
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_CUSTOM_useCert: got 2 certs
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> UseCustomCert: certNum:2
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_certSetChain num:2
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_certSetChain index:0 cert-len:1023 cert:0xab4134 key:0xa26f8c keylen:2018
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_certSetChain index:1 cert-len:974 cert:0xa3c6bc key:(nil) keylen:0
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_certSetChain status:0
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> OutId: status:0 authmtd:0
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> <-- R HASH_r f1 a1 a6 c7 af ee a0 e2 fd c6 fd 00 33 08 f1 ff 6d b3 a2 3f 74 e0 e5 14 72 c6 a6
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> 71 b8 bd da 87
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> #SEND 2480 bytes to 10.201.162.101(64616) (259033.532)
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Sending no:1 fragment out of 3 fragments size = 900
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_SAMPLE_ikeXchgSend: server instance 1 sktDescr 3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Sending no:2 fragment out of 3 fragments size = 900
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_SAMPLE_ikeXchgSend: server instance 1 sktDescr 3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> Sending last fragment size = 768
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> IKE_SAMPLE_ikeXchgSend: server instance 1 sktDescr 3
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> cleanup_and_free_context delete ctx memory
isakmpd[3809]: <103063> <3809> <DBUG> |ike| 10.201.162.101:64616-> udp_encap_handle_message IKEv2 pkt status:0
Thanks