01-15-2014 08:39 AM
I'm a relative newbie with Aruba and am trying to get remote access to our office network set up using VIA and a Mobility Controller 3400. I've gone through the setup process described in the PDF version of the Aruba Virtual Intranet Access User Guide and have gotten to the point where a VIA client connects, downloads a profile and then immediately disconnects. The web login also works and a user is able to download the client from there after authenticating.
I've run out of things to troubleshoot and would appreciate any suggestions or helpful tips anyone might have on getting this running. For simplicity, I'm using the internal authentication on the mobility controller for authentication but would eventually want to use Active Directory on a Windows Server 2012 box for authentication in the future.
Thanks for any suggestions you might have!
01-15-2014 05:08 PM
If you're saying the client has a valid profile, and when connecting using that profile, the connection fails, the following info can be helpful.
Sometimes the most useful info is from the client Diagnostic logging, and basic connectivity testing from client to the controller.
Ensure the profile downloaded has provided a valid IP for the controller.
On the controller, check the datapath during the client connect to see inbound traffic, we're usually looking for ports 443, 4500, 500
show datapath session
Enable debug logging:
logging level debugging user-debug <client mac>
logging level debugging security process crypto subcat ike
logging level debugging security process authmgr
Check inbound IPSEC traffic
show crypto isakmp sa
show crypto ipsec sa
show datapath tunnel
If this proves ineffective, I'd recommend opening a case with Aruba Technical Support and providing the VIA client logs and any controller data you've gathered.
Hope this Helps.
Aruba Networks Customer Advocacy
01-15-2014 08:26 PM
A couple of things to note and check:
- By proving that a client can connect to /via and download the client and profile, you have proven that your VIA Web Authentication Profiles are working properly; including the authentication profile being used for it.
- The VIA Connection Profile is going to dictate what happens next from a connection/authentication standpoint; confirm the downloaded profile has the proper IP/DNS name for the controller
- Confirm UDP 4500 is open between the VIA client and the controller
- Do you have an L2TP pool set up?
- What OS is the VIA client?
- What type of authentication are you using within your VIA Connection profile that is downloaded to the client; IKE v1 or v2; if v2 is it eap-mschapv2, eap-tls or user-cert?
- Check the VIA connection logs
- Check the system log on the controller (show log system XX; for last XX events ... check when it fails)
- Enable debugging as suggested by sadams above
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
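One way to read saved `show datapath session` output for the ports named in the two replies above (443, 500, 4500), as an added example that is not part of the original posts or Aruba's tooling. The column order (source IP, destination IP, protocol number, source port, destination port) and the sample rows are assumptions; use the client's address as the controller sees it, which is the public address if the client is behind NAT.

```python
import ipaddress

# (IP protocol number, destination port) -> label, for the ports named in the thread.
VIA_FLOWS = {
    (6, 443): "TCP 443 (HTTPS)",
    (17, 500): "UDP 500 (IKE)",
    (17, 4500): "UDP 4500 (IPsec NAT-T)",
}

# Constructed sample, not captured from a real controller. Addresses are
# documentation ranges and the column layout is an assumption.
SAMPLE = """\
Source IP       Destination IP  Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------  --------------  ---- ----- ----- ---- ---- --- --- ----------- ---- ------- ----- -----
198.51.100.23   203.0.113.10    6    51544 443   0/0  0    0   1   0/0/0       12   14      2210  C
203.0.113.10    198.51.100.23   6    443   51544 0/0  0    0   1   0/0/0       12   11      6400
198.51.100.23   203.0.113.10    17   500   500   0/0  0    0   0   0/0/0       3    2       760   FC
192.0.2.77      203.0.113.10    17   4500  4500  0/0  0    0   0   0/0/0       5    40      9100  F
"""


def parse_sessions(text):
    """Yield (src, dst, proto, sport, dport) per session row; skip headers and rules."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            proto, sport, dport = (int(x) for x in fields[2:5])
        except ValueError:
            continue  # header, separator, or any other non-session line
        yield src, dst, proto, sport, dport


def missing_via_flows(text, client_ip, controller_ip):
    """Return labels of the VIA ports with no client-to-controller session."""
    client = ipaddress.ip_address(client_ip)
    controller = ipaddress.ip_address(controller_ip)
    seen = {(proto, dport)
            for src, dst, proto, _sport, dport in parse_sessions(text)
            if src == client and dst == controller}
    return [label for key, label in VIA_FLOWS.items() if key not in seen]


if __name__ == "__main__":
    for label in missing_via_flows(SAMPLE, "198.51.100.23", "203.0.113.10"):
        print("not seen from client:", label)
```

If TCP 443 is present but UDP 500 or 4500 is reported missing, the IKE/IPsec traffic is not reaching the controller, which is what the "Confirm UDP 4500 is open" item checks for.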
01-17-2014 05:29 AM
Just had some issues myself with VIA client.
I had web authentication working, client downloaded, it even downloaded a profile and connected. Just ran default settings more or less. Everything looked sweet.
After a machine restart I couldn't get a connection.
Investigating the connection profile advanced settings, I saw that auto log in and use Windows credentials were ticked.
That might be your issue as well: the downloaded profile actually tries to authenticate using Windows credentials, with auto log in.