Wireless Access

Reply
SPF
Contributor I

SSL fallback

 

Hi,

 

We are testing the SSL fallback option with SSO. We noticed that when the connection attempts with IPSEC failed, the client turns on SSL mode. The problem is that the first time that the client connects witch SSL, in order to download its authentication profile, the connection should be manually launched. I mean, the client does not launch the connection automatically in SSL mode the first time when IPSEC mode is not allowed. Is that the expected behaviour? Shoud not this first connection turn on automatically to SSL mode without human interaction?

 

Thanks and regards,

 

 

 

 

Guru Elite

Re: SSL fallback


SPF wrote:

 

Hi,

 

We are testing the SSL fallback option with SSO. We noticed that when the connection attempts with IPSEC failed, the client turns on SSL mode. The problem is that the first time that the client connects witch SSL, in order to download its authentication profile, the connection should be manually launched. I mean, the client does not launch the connection automatically in SSL mode the first time when IPSEC mode is not allowed. Is that the expected behaviour? Shoud not this first connection turn on automatically to SSL mode without human interaction?

 

Thanks and regards,

 

 

 

 


The first time domain preconnect is launched the client must launch the connection.  Are you combining that with SSL failback?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

SPF
Contributor I

Re: SSL fallback

 

Hi,

 

Thanks Joseph.

We are not using pre-connect option. Moreover, preconnect option works only with IKEv2, and SSL works with IKEv1, so they are incompatible.

 

We are using Autologin and Windows Credentials combined with SSL fallback.  We dont understand why in the first connection (download of the authentication profile) the SSL mode is not launched autmatically when IPSEC fails. 

 

The process is the following:

1.- We launch the VIA client and enter the user/pwd for the profile download.

2.-The authentication profile is downloaded.

3.- Client automatically  tries to establish the IPSEC connection. After the number of attempts defined the connection fails. The clients status is disconnected.

4.- User has to launch the connection again manually. User authentication is granted and SSL connection is success.

 

Is that a normal behaviour? We think than the step 4 should be transparent for the user...

 

Thanks and regards,

Guru Elite

Re: SSL fallback


SPF wrote:

 

Hi,

 

Thanks Joseph.

We are not using pre-connect option. Moreover, preconnect option works only with IKEv2, and SSL works with IKEv1, so they are incompatible.

 

We are using Autologin and Windows Credentials combined with SSL fallback.  We dont understand why in the first connection (download of the authentication profile) the SSL mode is not launched autmatically when IPSEC fails. 

 

The process is the following:

1.- We launch the VIA client and enter the user/pwd for the profile download.

2.-The authentication profile is downloaded.

3.- Client automatically  tries to establish the IPSEC connection. After the number of attempts defined the connection fails. The clients status is disconnected.

4.- User has to launch the connection again manually. User authentication is granted and SSL connection is success.

 

Is that a normal behaviour? We think than the step 4 should be transparent for the user...

 

Thanks and regards,


Are you blocking ipsec or UDP 4500 when this happens?  Which client are you using?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

SPF
Contributor I

Re: SSL fallback

Hi Joseph,

 

The VIA cliente version is 2.1.0.3.

IPSEC connections (port UDP 4500) is blocked in our firewall for testing SSL.

The behaviour described below is always done when starting the computer or VIA client.  Should the client connect automatically with SSL, should not it?

 

Thanks and regards,

 

SPF
Contributor I

Re: SSL fallback

Hi Joseph,

 

Do you have any news about this problem?

 

Thanks!

Guru Elite

Re: SSL fallback

It should connect automatically with SSL.  Please have TAC take a look at your setup.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

SPF
Contributor I

Re: SSL fallback

 

Hi,

 

We have already upgraded to the last controller version 6.2.1.4 and VIA version 2.1.1.3.40312.

Once we have enabled de SSL fallback option, sometimes we observed that the client has two or three IPSEC connection attemps failed and later it turns into SSL mode and establish the SSL connection automatically.   Nevertheless, sometimes the client after changing the mode to SSL, does not launch the connection automatically and the client remains disconnected. Is that behaviour normal?

 

Another question, it is possible to limit the number of IPSEC connection attemps?

What has to do the max authenticaction  failures  (defined in the VIA authentication profile) with the Maximum reconnection attempts (defined in the VIA connection profile)? These values  have to match, have not it?

 

Thanks in advance,

 

Regards,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: