Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

7005 and VIA client connection problem

This thread has been viewed 21 times
  • 1.  7005 and VIA client connection problem

    Posted 14 days ago
    Hello!

    I've just replaced my ol' 605 controller with a 7005, and just can't get the VIA clients to connect.
    I have followed the online guidelines as best as I can, but no :(
    The authentication and profile downloading phases seems fine, but I just get a "Failed to establish secure session - code 8949".
    The green circle is just keep spinning and spinning....
    I have the firewall ports 443, 500, 4343 and 4500 opened and redirected to the controller.

    The clients are tested with the same result on Win10 and 11.
    Sidenote: iOS client never display the specific 8949 error, just a generic "host is unreachable" is displayed instead..

    Controller:
    Aruba 7005
    ArubaOS 8.7.0.0 (Digitally Signed SHA1/SHA256 - Production Build)
    Licenses: ( Transferred from the 605 )
    •  - 4 * Next Generation Policy Enforcement Firewall Module
    •  - 4 * Access Points
    Any ideas or suggestions are highly appreciated
    /Bjarne

    ------------------------------
    Bjarne Ingelsson
    ------------------------------


  • 2.  RE: 7005 and VIA client connection problem

    Posted 14 days ago
    Did you try to configure/test VIA on your local LAN so that your firewall is not a factor?  That would eliminate any firewall issues.

    EDIT:  Did you look at the detailed instructions in the VIA remote access guide here?  Aruba Support Portal
    Arubanetworks remove preview
    Aruba Support Portal
    View this on Arubanetworks >




    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: 7005 and VIA client connection problem

    Posted 14 days ago

    Hello and thanks for your fast reply.

    Actually, that's a no on both questions.

    I will definitely setup a profile for local access, don't know why I haven't thought of that already ( facepalm in progress )

    I've found other VIA setup guides, but not this particular one.

    I keep you updated!




    ------------------------------
    Bjarne Ingelsson
    ------------------------------



  • 4.  RE: 7005 and VIA client connection problem

    Posted 13 days ago
    Hello again, just tried setting it up locally and ended up with the same problem, the firewall is excluded.

    The old 605 controller is still running and I redirected 443 & 4500 back to that box and the clients connected successfully.
    (The 605 controller runs ArubaOS 6.2.1.4)

    Is there any VIA specific diagnostic/logging I can run in the 7005 perhaps to troubleshoot it?
    I'm really stuck here :o/
    /Bjarne

    ------------------------------
    Bjarne Ingelsson
    ------------------------------



  • 5.  RE: 7005 and VIA client connection problem

    Posted 13 days ago
    I didn't look at your first post carefully.  To connect VIA, you either need the LIC-PEFV or LIC-VIA license.  If you don't have one, you can generate a temporary one using asp.arubanetworks.com

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 6.  RE: 7005 and VIA client connection problem

    Posted 13 days ago

    License issue? Ouch!
    There was one 605 license that couldn't be transferred (incompatible...), guess that's the one..
    Thanks a bunch for the info! I'll try and fetch a new one



    ------------------------------
    Bjarne Ingelsson
    ------------------------------