Wireless Access

Reply
Contributor II
Posts: 47
Registered: ‎08-10-2014

VIA VPN, Certificate using Clearpass Onboarding.

Hi,

I am trying to use the via vpn client and authentication via certificate and IKEV1.

I would like to use the same certificate for the authentication as I have retrieved from Clearpass Onboarding and using for the WLAN. Is this possible?

 

The issue I am having is that the Aruba VIA client says: Invalid certifacte used for ISAKMP authentication. When i start the client it prompts me tho choose a certificate from the user store and it prompts the correct one, but after that the prompts just return and the logs says the error mention above.

 

I have exported my signing ca certificate bundle from Clearpass and added it to the controller and assigned it under CA Certificates for clients.

 

I have a IKE-policy with authentication RSA and the default dynamicmap for ipsec v1

 

Any thoughts, guides, ideas are welcome..its possible iam doing something wrong or have missunderstand something.

MVP
Posts: 301
Registered: ‎04-03-2014

Re: VIA VPN, Certificate using Clearpass Onboarding.

Bump, anyone has this set up or know how to do it? Seems like a good solution for a customer buying both Clearpass and VIA.

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: VIA VPN, Certificate using Clearpass Onboarding.

good question, anyone looked into it?

 

will put it on my list, but that is quite long :)

MVP
Posts: 952
Registered: ‎04-13-2009

Re: VIA VPN, Certificate using Clearpass Onboarding.

What does the access tracker say on CPPM when the Via auth fails?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 301
Registered: ‎04-03-2014

Re: VIA VPN, Certificate using Clearpass Onboarding.

We have a working setup now but still struggling with pushing the right trusts to the client via Onboard. In our case we need to both push the Radius server certificate and the trust chain for the onboarding CA (That have generated the server certificate for the mobility controller for VIA authentication).

 

We can update this thread when we got it all set up, perhaps make a guide :)

 

cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Aruba Employee
Posts: 2
Registered: ‎08-02-2013

Re: VIA VPN, Certificate using Clearpass Onboarding.

Chris,

 

Hope the setup works well for you. Do you have anything to share? 

 

Regards,

-kc

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: