Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

7005 and VIA client connection problem

This thread has been viewed 23 times

  • 1.  7005 and VIA client connection problem

    Posted Oct 12, 2021 05:32 AM
    Hello!

    I've just replaced my ol' 605 controller with a 7005, and just can't get the VIA clients to connect.
    I have followed the online guidelines as best as I can, but no :(
    The authentication and profile downloading phases seems fine, but I just get a "Failed to establish secure session - code 8949".
    The green circle is just keep spinning and spinning....
    I have the firewall ports 443, 500, 4343 and 4500 opened and redirected to the controller.

    The clients are tested with the same result on Win10 and 11.
    Sidenote: iOS client never display the specific 8949 error, just a generic "host is unreachable" is displayed instead..

    Controller:
    Aruba 7005
    ArubaOS 8.7.0.0 (Digitally Signed SHA1/SHA256 - Production Build)
    Licenses: ( Transferred from the 605 )
    •  - 4 * Next Generation Policy Enforcement Firewall Module
    •  - 4 * Access Points
    Any ideas or suggestions are highly appreciated
    /Bjarne

    ------------------------------
    Bjarne Ingelsson
    ------------------------------


  • 2.  RE: 7005 and VIA client connection problem

    EMPLOYEE
    Posted Oct 12, 2021 06:05 AM
    Did you try to configure/test VIA on your local LAN so that your firewall is not a factor?  That would eliminate any firewall issues.

    EDIT:  Did you look at the detailed instructions in the VIA remote access guide here?  Aruba Support Portal
    Arubanetworks remove preview
    Aruba Support Portal
    View this on Arubanetworks >




    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 3.  RE: 7005 and VIA client connection problem

    Posted Oct 12, 2021 06:37 AM

    Hello and thanks for your fast reply.

    Actually, that's a no on both questions.

    I will definitely setup a profile for local access, don't know why I haven't thought of that already ( facepalm in progress )

    I've found other VIA setup guides, but not this particular one.

    I keep you updated!




    ------------------------------
    Bjarne Ingelsson
    ------------------------------

    Original Message


  • 4.  RE: 7005 and VIA client connection problem

    Posted Oct 13, 2021 03:45 AM
    Hello again, just tried setting it up locally and ended up with the same problem, the firewall is excluded.

    The old 605 controller is still running and I redirected 443 & 4500 back to that box and the clients connected successfully.
    (The 605 controller runs ArubaOS 6.2.1.4)

    Is there any VIA specific diagnostic/logging I can run in the 7005 perhaps to troubleshoot it?
    I'm really stuck here :o/
    /Bjarne

    ------------------------------
    Bjarne Ingelsson
    ------------------------------

    Original Message


  • 5.  RE: 7005 and VIA client connection problem

    EMPLOYEE
    Posted Oct 13, 2021 04:17 AM
    I didn't look at your first post carefully.  To connect VIA, you either need the LIC-PEFV or LIC-VIA license.  If you don't have one, you can generate a temporary one using asp.arubanetworks.com

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 6.  RE: 7005 and VIA client connection problem

    Posted Oct 13, 2021 05:36 AM

    License issue? Ouch!
    There was one 605 license that couldn't be transferred (incompatible...), guess that's the one..
    Thanks a bunch for the info! I'll try and fetch a new one



    ------------------------------
    Bjarne Ingelsson
    ------------------------------

    Original Message