Security

Reply
Contributor I

VIA Failed to Establish Secure Session

VIA client version: 2.3.2

Controller version:6.4.3.6

Does anyone have any idea?

Thanks

Guru Elite

Re: VIA Failed to Establish Secure Session

Do you see authentication failures or passes on Clearpass in the access tracker when you try to authenticate?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Aruba Employee

Re: VIA Failed to Establish Secure Session

A quick look, I noticed that your vpdn group l2tp is disabled:

 

vpdn group l2tp
  disable
  client configuration dns 168.95.1.1 
  no ppp authentication PAP

 

Thanks,

Zach Jennings
Contributor I

Re: VIA Failed to Establish Secure Session

Dear Colin,

I didn't see any authentication failures or passes on Clearpass in the access tracker when you try to authenticate.

Clearpass configuration had been attached.

Thanks

Contributor I

Re: VIA Failed to Establish Secure Session

Dear Zach,

I was configured follow the "VIA APP Note" version 1 page 29.

It shows "enable L2TP" uncheck.

Thanks

Guru Elite

Re: VIA Failed to Establish Secure Session


Derek_Sun wrote:

Dear Colin,

I didn't see any authentication failures or passes on Clearpass in the access tracker when you try to authenticate.

Clearpass configuration had been attached.

Thanks


 

Is there a firewall between your VIA client and the controller?

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: VIA Failed to Establish Secure Session

A couple of things you need to have in place for VIA to work properly (some of these you may have already in place)
- The controller needs a public IP address allowing port UDP/4500
- make sure that the inner IP addresses is a routable network in your infrastructure (l2tp pool)
- and Zach pointed out you need L2TP enabled
- In ClearPass you need to add the Inner IP Addresses as a radius client ( Network > Devices > )
- And your service needs to allow PAP as a authentication protocol

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: