Configuring VIA VPN using IKEv1 and Internal User Database

By ckokstar posted Sep 17, 2014 04:58 PM


Configuring VIA VPN using IKEv1 and Internal User Database



The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones from mobile hotspots. This solution template will generate full a configuration of VIA using IKE version 1 and Internal User Databases for authentication and role assignment.


Platform Tested

Aruba Mobility Controller 3400 running AOS build 38111, AOS (38660)

VIA Version 2.0.1 running on Apple iPad 3 iOS version 6.0.1(10A523)


Configuration Notes

Firewall Policy

In the case if the VIA controller is directly connected to the public Internet. The following rules should be applied to the external physical interface to only permit the services needed and protect all other services from public access.


ip access-list session internet
  any host svc-https  permit log
  any host svc-natt  permit
  any host svc-ike  permit
  any host svc-esp  permit
  any any any  deny log

interface gigabitethernet 1/3
        description "Internet Connection - ISP x"
        trusted vlan 1-4094
        ip access-group "internet" session
        switchport access vlan 10



PEFV and PEF Licenses needed by this solution template.


Network Topology


  • Solution Exchange Demo


  • Aruba Virtual Intranet Access (VIA) Client Video Data Sheet



See Aruba VIA Application Note for more details.