Security

Reply
Super Contributor I

Debugging VIA and IKEv2 + Certs

Hi,

I've been looking at configuring VIA + mobility controller as a possible replacement for our Juniper VPN service.

ArubaOS 6.4.3.6

OS X VIA client ( was 2.x) latest 3x one downloaded today

Local CA with client cert vpn.york.ac.uk generated

l2tp/ipsec with IKEv2 and cert authentication

 

 

The annoying thing is that I had this working with the osx 2.x client but not on the Android client. ..... so I made a few changes and now none of it works :-((

 

The version 3 client says that the remote server is  not responding. I'm getting somewhere along the route because my OCSP server can has seen a validation query coming in and its sending a valid response back.

 

I'm not seeing a user auth on clearpass so I guess its something wrong with the ipsec config.Downloading a new profile from the mobility controller works just fine though.

 

I've attached the logs from the os x VIA client.

 

How might I get some logs at the controller end to see what's going on?

Rgds

Alex

 

Attached are the logs

 

 

Guru Elite

Re: Debugging VIA and IKEv2 + Certs

I would look at your audit trail using "show audit-trail" on the controller to see if you can revert your changes.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I

Re: Debugging VIA and IKEv2 + Certs

Well getting somewhere. Now I get a message saying "Incorrect certificate, please provide correct certificate"

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: