Security

Reply
Contributor I
Posts: 27
Registered: ‎11-20-2015

VIA VPN with ClearPass

Hello,

 

In scenario when ClearPass is used for authentication of VIA clients based on PAP/MSCHAP as authentication method we run into situation that if VIA is loaded on non-corporate machine they can join network if good user AD credentails are used.

 

Is there any way of allowing only corporate machines on the network through CPPM service? Thanks.

 

 

NesaM

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: VIA VPN with ClearPass

Do your corporate devices have machine certificates?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 27
Registered: ‎11-20-2015

Re: VIA VPN with ClearPass

Not at the moment, though it is planned for near future. Until that happens, is there anything that can be done to guarantee non non-corporate ones can join? Thanks.

 

 

NesaM

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: VIA VPN with ClearPass

You can leverage the Domain Pre-Connect feature in VIA to perform a machine authentication.

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-Domain-Pre-connect-in-VIA-and-how-does-it-work/ta-p/184550

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 27
Registered: ‎11-20-2015

Re: VIA VPN with ClearPass

Thanks Tim, appreciated.

 

Customer has made a decision to move down the certificate based VIA route, so we will have to deploy that option now.

 

 

Regards,

NesaM

Search Airheads
Showing results for 
Search instead for 
Did you mean: