Wireless Access

Hi,

I am trying to use the via vpn client and authentication via certificate and IKEV1.

I would like to use the same certificate for the authentication as I have retrieved from Clearpass Onboarding and using for the WLAN. Is this possible?

The issue I am having is that the Aruba VIA client says: Invalid certifacte used for ISAKMP authentication. When i start the client it prompts me tho choose a certificate from the user store and it prompts the correct one, but after that the prompts just return and the logs says the error mention above.

I have exported my signing ca certificate bundle from Clearpass and added it to the controller and assigned it under CA Certificates for clients.

I have a IKE-policy with authentication RSA and the default dynamicmap for ipsec v1

Any thoughts, guides, ideas are welcome..its possible iam doing something wrong or have missunderstand something.

Bump, anyone has this set up or know how to do it? Seems like a good solution for a customer buying both Clearpass and VIA.

good question, anyone looked into it?

will put it on my list, but that is quite long :)

What does the access tracker say on CPPM when the Via auth fails?

Cheers

James

We have a working setup now but still struggling with pushing the right trusts to the client via Onboard. In our case we need to both push the Radius server certificate and the trust chain for the onboarding CA (That have generated the server certificate for the mobility controller for VIA authentication).

We can update this thread when we got it all set up, perhaps make a guide :)

cheers,

Chris,

Hope the setup works well for you. Do you have anything to share? 

Regards,

-kc