Security

last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

VIA unable to download profile with client certificate authentication

  • 1.  VIA unable to download profile with client certificate authentication

    Posted Oct 14, 2020 03:27 PM

    We have EAP-TLS VIA working but I'd like the users to be able to download the profile with client certificates instead of username/password (so that we wouldn't have to put password in the installation scripts...). I've added tcp/8085 in the controller whitelist and selected the option to use client certs in connection profile, but I'm only getting "Profile selection canceled" when I try to connect to the VPNC and download the profile. It's Central managed VPNC.

     

    Anyone had similar issues?



  • 2.  RE: VIA unable to download profile with client certificate authentication

    Posted 23 days ago
    Yes, the very same issue here as well. I was struggling with this, took packet captures and monitored controller logs and datapath. Verified VIA was trying to reach controller using 8085 but since it's encrypted I wasn't able to dig into the details. Aruba TAC told me it's a bug and engineering is working on it. Unfortunately I don't have any clue when the fix is available...




  • 3.  RE: VIA unable to download profile with client certificate authentication

    Posted 19 days ago
    Hi.

    Did you guys test the 4.0.3 VIA client.
    It includes some fixes to downloading profiles.

    https://www.arubanetworks.com/techdocs/VIA/4x/Content/RNs/via-403.htm


    ------------------------------
    Tom Roholm
    ------------------------------