New filters on the Home Feed, take a look!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

3
Aruba 7008 IPSec trouble after Upgrade
Post Body

Hello, i hope this is the right place for the question:

I have a remote office with an Aruba 7008 MC, connected to our main office via S2S-VPN (Sophos Firewalls). After upgrading the Aruba 7008 to AOS 8.7 it wouldn't talk to our MobilityMaster (it and its APs didn't show up in the GUI, at all). Not a big deal, everythings up, was gonna fix that in time i thought. Before i got to that someone rebooted the Controller for an unrelated issue and now the APs on that site are in a boot loop and won't even talk to the onsite controller anymore.

The following errors are in the log:

MC won't talk to MM (worked before, didn't work after AOS update, so SHOULD not be a firewall/connectivity issue unless something changed from 8.6 to 8.7):

Jun  8 14:35:36,  cfgm[3307]: <399838> <3307> <WARN> |cfgm|  LmsHeartBeatResultAction: State(CONNECTINPROGRESS:LAST SNAPSHOT:CFGID--1:PEND-0:INITCFGID:0) FD=33:Cannot heartbeat with the master.
Jun  8 14:35:37,  cfgm[3307]: <399838> <3307> <WARN> |cfgm|  LmsHeartBeatResultAction: State(READY:LAST SNAPSHOT:CFGID--1:PEND-0:INITCFGID:0) FD=33:Cannot heartbeat with the master.
Jun  8 14:35:37,  cfgm[3307]: <399816> <3307> <ERRS> |cfgm|  handle_read: State(READY:LAST SNAPSHOT:CFGID--1:PEND-0:INITCFGID:0) FD=33:Failure receiving heartbeat response header information Result=-1 Err=Connection timed out

APs in boot loop (come online, can't talk to MC, reboot again):

Jun  8 14:36:22,  sapd[3032]: <311002> <WARN> |AP "ap name/ip here" sapd|  Rebooting: Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKE_XAUTH_AUTHORIZATION_FAILED 
Jun  8 14:36:22,  nanny[2967]: <303086> <ERRS> |AP "ap name/ip here" nanny| Process Manager (nanny) shutting down - AP will reboot!

General IKE/IPsec error i don't know anything about, exists both for the APs and the MM:

Jun  8 14:36:20,  isakmpd[3376]: <103103> <3376> <WARN> |ike|  "MM ip here"-> IKE SA Deletion: IKE2_delSa peer:"MM ip here" id:3073384759 errcode:ERR_IKE_NOTIFY_PAYLOAD saflags:0x41000015 arflags:0x20
Jun  8 14:36:20,  isakmpd[3376]: <103103> <3376> <WARN> |ike|  "AP ip here"-> IKE SA Deletion: IKE2_delSa peer:"AP ip here" id:3073384760 errcode:STATUS_IKE_INITIAL_CONTACT saflags:0x1 arflags:0x0

Anyone got any idea how to unf*** this mess?

Author
Account Strength
100%
Account Age
7 years
Verified Email
Yes
Verified Flair
No
Total Karma
6,466
Link Karma
274
Comment Karma
6,181
Profile updated: 3 days ago
Posts updated: 1 year ago
Exkudor

Subreddit

r/ArubaNetworks

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
3 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/ArubaNetwor...