Remote Networking

Reply
Occasional Contributor II
Posts: 53
Registered: ‎07-26-2010

Issue with Aventail VPN Client (443)

Hi,

I have a user who is trying to connect over our wifi to their offices using an Aventail Client on port 443. This works for them anywhere else but on our Aruba setup.

We have an open/tunnelled SSID with an ACL that permits 80/443 and other ports out to the internet, which works fine for what I would call normal 443 sites, such as hotmail etc.

However, when trying to use this Aventail client and also trying to https to the same IP address that the client connects to (which would normally produce a webpage), I can see in the client logs in the Aruba WebUI that the ACL is denying this traffic.

Has anyone come across anything like this before? They have an alternate UDP4500 VPN client which works fine, but some of their uses don't have this new client yet.

I have also tried allowing all traffic to that IP with no success, so it's almost like the controller thinks there's something unusual about this SSL traffic and is blocking it.
Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Issue with Aventail VPN Client (443)

Have you seen the document here: http://www.symantec.com/business/support/index?page=content&id=TECH81052

Not sure if it applies to your version of VPN client..


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 53
Registered: ‎07-26-2010

Re: Issue with Aventail VPN Client (443)

I had not, thanks again, I will check it out.
Occasional Contributor II
Posts: 53
Registered: ‎07-26-2010

Re: Issue with Aventail VPN Client (443)

Hi,

I'm not sure how to go about applying that fix to the Aruba Controller? I'm reluctant to fiddle with Global settings in the Firewall for obvious reason.

Another IP address that seems to generate the same deny is one owned by microsoft: https://157.55.157.84

Could someone please try accessing that IP? outside of aruba I get a cert error and a 404 not found, inside aruba I get a timeout.

Attached is a screenshot of a failed 443 to the above IP address and successful 443 to an internal server of ours.
Guru Elite
Posts: 21,001
Registered: ‎03-29-2007

Re: Issue with Aventail VPN Client (443)

What is the user role that the user is in when he tries to get to that site? Type "show rights " so we can see your ACL. In addition, what the default gateway of that subnet the user is in? What devices does the natting of those users to the internet?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: