Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

VIA Failed to Establish Secure Session

This thread has been viewed 14 times

  • 1.  VIA Failed to Establish Secure Session

    Posted Mar 13, 2016 08:33 AM
      |   view attached

    VIA client version: 2.3.2

    Controller version:6.4.3.6

    Does anyone have any idea?

    Thanks

    Attachment(s)

    txt
    via_lab_20160313.txt   28 KB 1 version


  • 2.  RE: VIA Failed to Establish Secure Session

    EMPLOYEE
    Posted Mar 13, 2016 08:43 AM

    Do you see authentication failures or passes on Clearpass in the access tracker when you try to authenticate?



  • 3.  RE: VIA Failed to Establish Secure Session

    Posted Mar 13, 2016 09:19 AM
      |   view attached

    Dear Colin,

    I didn't see any authentication failures or passes on Clearpass in the access tracker when you try to authenticate.

    Clearpass configuration had been attached.

    Thanks

    Attachment(s)

    docx
    ClearPass with VIA VPN.docx   146 KB 1 version


  • 4.  RE: VIA Failed to Establish Secure Session

    EMPLOYEE
    Posted Mar 13, 2016 09:27 AM
    @Derek_Sun wrote:

    Dear Colin,

    I didn't see any authentication failures or passes on Clearpass in the access tracker when you try to authenticate.

    Clearpass configuration had been attached.

    Thanks

     

    Is there a firewall between your VIA client and the controller?

     



  • 5.  RE: VIA Failed to Establish Secure Session

    EMPLOYEE
    Posted Mar 13, 2016 08:53 AM

    A quick look, I noticed that your vpdn group l2tp is disabled:

     

    vpdn group l2tp
  disable
  client configuration dns 168.95.1.1 
  no ppp authentication PAP

     



  • 6.  RE: VIA Failed to Establish Secure Session

    Posted Mar 13, 2016 09:23 AM
      |   view attached

    Dear Zach,

    I was configured follow the "VIA APP Note" version 1 page 29.

    It shows "enable L2TP" uncheck.

    Thanks



  • 7.  RE: VIA Failed to Establish Secure Session

    Posted Mar 13, 2016 09:49 AM
    A couple of things you need to have in place for VIA to work properly (some of these you may have already in place)
    - The controller needs a public IP address allowing port UDP/4500
    - make sure that the inner IP addresses is a routable network in your infrastructure (l2tp pool)
    - and Zach pointed out you need L2TP enabled
    - In ClearPass you need to add the Inner IP Addresses as a radius client ( Network > Devices > )
    - And your service needs to allow PAP as a authentication protocol

    Sent from Outlook for iPhone