Hi,
Has anyone deployed the RAP-2WG? I can provision the RAP into an AP group but then when the RAP is plugged into the remote network it doesn't connect to the corporate HQ.
Any help gratefully received!!
Mike
RAP-2WG
Re: RAP-2WG
It works fine in a lot of our installations....
Have you successfully connected the RAP in the local network? So you see the RAP with an IPsec tunnel (e.g. in Monitoring AP)?
Does your RAP know the public IP (or DNS) of the OAW? On the provisioning page you can give the public IP as master and host IP.
If there is a firewall between the OAW and the internet: you have to forward UDP 4500 to the OAW.
regards
Silvio
-
knight_rider
Re: RAP-2WG
Hi Silvio,
Yes, if I point the RAP to the internal IP address of the OAW I can see it and the IPsec is up in monitoring, but when I point the RAP to the public IP address I keep getting RC_ERROR_IKEP1 errors. I have port forwarded UDP 4500 and I have also put it in a DMZ so all traffic to the public address is sent to the OAW. I'm starting to wonder if any traffic is reaching the OAW!!
Re: RAP-2WG
Hi,
What release is on the OAW? There were some issues in the past. Try with the newest, 6.1.3.2.
Have you done the provisioning directly at the RAP2 webpage? And where do you see the error message: at the OAW or at the RAP?
Check at the OAW:
#show log security 10 (for last 10 messages)
#show datapath session table | include 4500 (all active sessions with UDP 4500)
#show crypto isakmp sa (for IKE Phase 1)
#show crypto isakmp sa peer <rap ip>
Maybe you will see the reason there. And compare the outputs with a successful connection (if the RAP is in-house).
The error looks like a wrong or missing IKE key (in the user guide: No reply to 1st IKE packet. Controller could be unreachable.). So your firewall seems to block something...
regards
Silvio
-
knight_rider
Re: RAP-2WG
Hi,
I have created a mini routed network today in my lab to bypass any firewalls with 2 6450's, created the internet VLAN 100 on both in the 1.1.1.x range to simulate the internet, and on one 6450 created a home user VLAN (192.168.1.x), put the OAW in VLAN 100, and I can get the RAP to connect and bring up the IPsec tunnel.
Definitely something on the Draytek 2820 firewall blocking but can't think what! I have forwarded ports 4500 and 500 - didn't work, put OAW in DMZ - didn't work! Has anyone installed these using a Draytek Router/Firewall??

