11-01-2012 12:40 PM
I have VIA finally working with EAP-TLS. :) Now I'm having an issue with how my new IAS RAP for my VIA clients is working. About half of my mobile users will be using the new VIA IAS RAP and they belong to a windows security group: domain\viausers but, these users also belong to our corporate wireless security groups too. for example:
Remote access policy for our Corp Wireless users looks like this: Order is 2
NAS-Port-Type matches "Wireless - Other or Wireless -IEEE 802.11" AND Windows-Groups matches "domain\corpwirelessuser"
Remote access policy for the VIA users looks like this: Order is 3
NAS-Port-Type matches "Virtual (VPN)" AND Windows-Groups matches "Domain\viausers"
The problem is if the user is in both groups the user never processes the VIA remote access policy. I'm I missing something?
11-01-2012 12:41 PM
What is the full eventviewer message when the user fails?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
11-01-2012 01:20 PM
Check the event log for a VIA connection that was processed by the Wireless Policy. In the log, look for the entry for NAS-Port-Type. What does it say? The connection attempt has to match the conditions, so if your VIA connections are hitting the Wireless Policy, they must be matching those conditions you have set.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX