JYL
Occasional Contributor II

VIA using Certificate

Has anyone been able to configure VIA to use EAP-TLS?

VIA with IKEv2 is now capable of using a certificate on the machine.

We want to use VIA on our notebook and we want to utilize EAP-TLS using our PKI infrastructure. Any documentation or help is highly appreciated.

Note: I already looked at user guide 6.1; it doesn't explain how to configure it.

Thanks
joey
JYL
Occasional Contributor II

Re: VIA using Certificate

Does anyone use VIA? Anyone?
Guru Elite

Re: VIA using Certificate

JYL,

This is not available currently in the VIA client, as of yet.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

JYL
Occasional Contributor II

Re: VIA using Certificate

What do you mean it's not available on the VIA agent?

So it's in the controller but the VIA agent can't use it?

Here's what I see in 6.1.0.0:

aaa authentication via connection-profile "sva_via-profile"
   ikev2-proto
   ikev2auth eap-tls
Guru Elite

Re: VIA using Certificate

The client, or agent, does not support it yet.


Colin Joseph
Aruba Customer Engineering

Moderator

Re: VIA using Certificate

EAP-TLS in VIA *should* work but I've experienced some problems with it. Currently doing some troubleshooting with Engineering. There's a small note in the VIA release notes "known issues" that basically says "IKEv2 support is beta quality" - it is easy to miss, but unfortunately is true. We haven't been able to test IKEv2 extensively yet, but there were customers asking for it to be delivered immediately in whatever form we could - thus the reason it's been released.

Do you really need EAP-TLS? Or do you just want to perform certificate based authentication? It is possible to use IKEv2 with "ikev2auth user-cert" set in the VIA connection profile. This means the controller itself will validate the client certificate. To do this, you'll need to load a server certificate on the controller, as well as the CA's public certificate which it will use to validate the client cert. To check certificate validity (non-revoked), you can use OCSP. This setup does work, at least for the limited amount of testing that I've done.
---
Jon Green, ACMX, CISSP
Security Guy
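
An added example, not part of the original thread and not Aruba tooling: a pre-flight check with the openssl CLI that a client certificate chains to the CA certificate you plan to load on the controller for "ikev2auth user-cert", and whether the certificate names an OCSP responder. The CA, certificates, subject names and file names are constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a client certificate against the CA certificate that
# will be loaded on the controller. All names and files here are constructed.

# check_client_cert CA_PEM CLIENT_PEM
# Prints one status word; returns 0 only when the cert chains to the CA.
check_client_cert() {
    ca=$1; cert=$2
    # Signature chain and validity period against the single trusted CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "untrusted"; return 1
    fi
    # Revocation checking via OCSP needs a responder; report whether the
    # certificate itself names one (Authority Information Access extension).
    if [ -z "$(openssl x509 -in "$cert" -noout -ocsp_uri)" ]; then
        echo "trusted-no-ocsp-uri"; return 0
    fi
    echo "trusted"; return 0
}

# make_demo_pki DIR: constructed CA, a client cert it issued, and an
# unrelated self-signed cert standing in for a cert from another PKI.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-notebook" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/client.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue-notebook" \
        -keyout "$dir/rogue.key" -out "$dir/rogue.pem" 2>/dev/null
}

# Demo run on the constructed PKI.
d=$(mktemp -d) && make_demo_pki "$d"
check_client_cert "$d/ca.pem" "$d/client.pem"
check_client_cert "$d/ca.pem" "$d/rogue.pem" || true
rm -rf "$d"
```

The demo client certificate carries no OCSP responder URL, so the first check reports that the responder would have to be supplied by the validating side.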