Aruba Solution Exchange

Configuring VIA VPN using IKEv1 and Internal User Database

Moderator
Moderator

Configuring VIA VPN using IKEv1 and Internal User Database

 

Summary

The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones from mobile hotspots. This solution template will generate full a configuration of VIA using IKE version 1 and Internal User Databases for authentication and role assignment.

 

Platform Tested

Aruba Mobility Controller 3400 running AOS 6.2.1.1 build 38111, AOS 6.3.0.0 (38660)

VIA Version 2.0.1 running on Apple iPad 3 iOS version 6.0.1(10A523)

 

Configuration Notes

Firewall Policy

In the case if the VIA controller is directly connected to the public Internet. The following rules should be applied to the external physical interface to only permit the services needed and protect all other services from public access.

Example:

ip access-list session internet
  any host 99.109.207.68 svc-https  permit log
  any host 99.109.207.68 svc-natt  permit
  any host 99.109.207.68 svc-ike  permit
  any host 99.109.207.68 svc-esp  permit
  any any any  deny log

interface gigabitethernet 1/3
        description "Internet Connection - ISP x"
        trusted
        trusted vlan 1-4094
        ip access-group "internet" session
        switchport access vlan 10

 

Licensing

PEFV and PEF Licenses needed by this solution template.

 

Network Topology

Video

  • Solution Exchange Demo

 

  • Aruba Virtual Intranet Access (VIA) Client Video Data Sheet

 

References

See Aruba VIA Application Note for more details.

 

Version history
Revision #:
1 of 1
Last update:
‎09-17-2014 01:58 PM
Updated by:
 
Contributors
Tags (1)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.