Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

VPN for iOS devices

I'm trying to configure an L2TP VPN connection for iPhones and iPads. I have everything configured and am able to connect to the controller; however, I can't pass any traffic and I get disconnected on the iOS device saying the following:

"You were disconnected because the PPP server is not responding. Try reconnecting."

I can see the user connect and get a valid IP from the L2TP pool I have configured. The Aruba controller can also ping this address.

I'm trying to access the IP 192.168.12.15 from the iPad and I can see the firewall hits both to and from the iPad and the end station and both are allowed.

The problem is, I'm not actually ever able to access the end station, whether it's HTTP or ICMP, even though I see them being allowed in the User Firewall State.

Any ideas?
Regards,

Josh
___________
ACMP, ACCP
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: VPN for iOS devices

Question: is the IP address that the device gets from the VPN pool routable in your network? It needs to be.

In addition, the iOS client will disconnect after 90 seconds of no traffic, which is not too good for the user experience...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: VPN for iOS devices

Well that was one of my questions. I read somewhere that they could be bogus addresses and were just for internal use within the controller. I'm guessing that isn't the case?

As of right now I'm using 172.16.1.xx which is not routable.
Regards,

Josh
___________
ACMP, ACCP
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: VPN for iOS devices

Okay,

They can be bogus IP addresses, but you need to edit the default-vpn-role to be configured like this:

config t
user-role default-vpn-role
access-list session src-nat


Colin Joseph
Aruba Customer Engineering

Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: VPN for iOS devices

That did it! Thanks

In best practice, should those L2TP NAT pools be routable?
Regards,

Josh
___________
ACMP, ACCP
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: VPN for iOS devices

Only if you want to be able to address them via IP address from the infrastructure side.


Colin Joseph
Aruba Customer Engineering

Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: VPN for iOS devices

Ok sounds good.

What I'd like to ultimately accomplish is to have users be put into different VPN roles based on their credentials from LDAP and those VPN roles tied to different address pools. Is this possible?
Regards,

Josh
___________
ACMP, ACCP
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: VPN for iOS devices

Yes, you can.


Colin Joseph
Aruba Customer Engineering

Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: VPN for iOS devices

Forgive my ignorance, but where would this be configured?

I thought I set a filter based on my username in the LDAP server to assign a vpn-role, but it still assigns the default VPN role.
Regards,

Josh
___________
ACMP, ACCP
Aruba
Posts: 760
Registered: ‎05-31-2007

Do you have PEF-V installed on the controller?

Role-based access control does require the PEF-V license... and may be a reason you are only 'deriving' default-vpn-role.

Worth verifying...