cancel
Showing results for 
Search instead for 
Did you mean: 

Layer 3 Adoption/Provisioning Issues

luke_jeffries
New Contributor II
Hi All. I have purchased some additional AP's for a client (r310's). They will be using these at a remote location. 
I am setting these up at my office temporarily before deploying them, so they are in the same sort of layer 3 setup as they will be when deployed, however I am having some issue getting them provisioned.
At the moment, they show up in the zone director and I can adopt them, however they get stuck in a provisioning/disconnected loop.

The main site (where the zone director is located) has a bit of a crappy setup in the fact it has a double nat. There is a small DSL router sat on the end of the Internet connection and then a smoothwall firewall/webfilter with the zone director sat behind that. I have ports 12222-12223 and 11443 (secure upgrades) forwarded on both firewalls, and as mentioned the AP's show in the ZD console, so the connectivity is working to some extent.

The logs on the AP's say such things as:

Failed to download avp port mapping
failed|control file download problem
Failed on processing Configuration Response Message

Im really stumped now and can only think the double NAT is the issue, any suggestions?
4 REPLIES 4

diego_garcia_de
Contributor III
I'm not 100% sure but in smartzone you had to tell the controller what it's outside ip was (which was subsequently used to tell the APs where to connect) I would guess you need something similar in ZD? Also, given that you have this setup in your lab, can you see the AP trying to reach any other port on the outside IP? Cheers.

luke_jeffries
New Contributor II
Hi, Ive not checked outgoing on my side, however i can see the incomming requests on the firewall at the other end and I can see the ports above being hit.
I had similar thoughts about the public IP, but i cant find anything in the ZD web interface to set it. Possibly a command line setting?

victor_cenac
Contributor
Try also opening port 21. The download is happening over FTP, not LWAPP.

luke_jeffries
New Contributor II
Hi Victor
I did have FTP open, however i was having issues with PASV ports due to the double NAT. I've since turned on secure upgrades, which uses a HTTPS port instead (11443). Before i turned this on (and with FTP on), i couldnt even adopt the points.