Security

Reply
Occasional Contributor I
Posts: 9
Registered: ‎02-19-2008

VIA and IAS Remote Access Policies

I have VIA finally working with EAP-TLS. :) Now I'm having an issue with how my new IAS RAP for my VIA clients is working.  About half of my mobile users will be using the new VIA IAS RAP and they belong to a windows security group: domain\viausers but, these users also belong to our corporate wireless security groups too.  for example:

 

Remote access policy for our Corp Wireless users looks like this:  Order is 2

 

NAS-Port-Type matches "Wireless - Other or Wireless -IEEE 802.11" AND Windows-Groups matches "domain\corpwirelessuser"

 

Remote access policy for the VIA users looks like this: Order is 3

 

NAS-Port-Type matches "Virtual (VPN)" AND Windows-Groups matches "Domain\viausers"

 

The problem is if the user is in both groups the user never processes the VIA remote access policy.  I'm I missing something?

 

 

 

 

 

 

 

 

 

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: VIA and IAS Remote Access Policies

What is the full eventviewer message when the user fails?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: VIA and IAS Remote Access Policies

Check the event log for a VIA connection that was processed by the Wireless Policy.  In the log, look for the entry for NAS-Port-Type.  What does it say?     The connection attempt has to match the conditions, so if your VIA connections are hitting the Wireless Policy, they must be matching those conditions you have set.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: