Super Contributor II

Debugging VIA and IKEv2 + Certs


I've been looking at configuring VIA + mobility controller as a possible replacement for our Juniper VPN service.


OS X VIA client ( was 2.x) latest 3x one downloaded today

Local CA with client cert generated

l2tp/ipsec with IKEv2 and cert authentication



The annoying thing is that I had this working with the osx 2.x client but not on the Android client. ..... so I made a few changes and now none of it works :-((


The version 3 client says that the remote server is  not responding. I'm getting somewhere along the route because my OCSP server can has seen a validation query coming in and its sending a valid response back.


I'm not seeing a user auth on clearpass so I guess its something wrong with the ipsec config.Downloading a new profile from the mobility controller works just fine though.


I've attached the logs from the os x VIA client.


How might I get some logs at the controller end to see what's going on?




Attached are the logs



Guru Elite

Re: Debugging VIA and IKEv2 + Certs

I would look at your audit trail using "show audit-trail" on the controller to see if you can revert your changes.

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Super Contributor II

Re: Debugging VIA and IKEv2 + Certs

Well getting somewhere. Now I get a message saying "Incorrect certificate, please provide correct certificate"

Search Airheads
Showing results for 
Search instead for 
Did you mean: