Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

VIA VPN with ClearPass

This thread has been viewed 5 times

  • 1.  VIA VPN with ClearPass

    Posted Mar 17, 2017 05:23 PM

    Hello,

     

    In scenario when ClearPass is used for authentication of VIA clients based on PAP/MSCHAP as authentication method we run into situation that if VIA is loaded on non-corporate machine they can join network if good user AD credentails are used.

     

    Is there any way of allowing only corporate machines on the network through CPPM service? Thanks.

     

     

    NesaM



  • 2.  RE: VIA VPN with ClearPass

    EMPLOYEE
    Posted Mar 17, 2017 08:20 PM

    Do your corporate devices have machine certificates?



  • 3.  RE: VIA VPN with ClearPass

    Posted Mar 17, 2017 09:05 PM

    Not at the moment, though it is planned for near future. Until that happens, is there anything that can be done to guarantee non non-corporate ones can join? Thanks.

     

     

    NesaM



  • 4.  RE: VIA VPN with ClearPass
    Best Answer

    EMPLOYEE
    Posted Mar 20, 2017 03:20 PM

    You can leverage the Domain Pre-Connect feature in VIA to perform a machine authentication.

     

    http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-Domain-Pre-connect-in-VIA-and-how-does-it-work/ta-p/184550

     

     



  • 5.  RE: VIA VPN with ClearPass

    Posted Mar 28, 2017 05:16 AM

    Thanks Tim, appreciated.

     

    Customer has made a decision to move down the certificate based VIA route, so we will have to deploy that option now.

     

     

    Regards,

    NesaM