Aruba Apps

 View Only
last person joined: 2 days ago 

The HPE Aruba Networking Apps board is designed to address questions, comments, and feature requests for all HPE Aruba Networking mobile Apps
Back to discussions
Expand all | Collapse all

Unable to PING or remote assistance VIA clients

This thread has been viewed 21 times

  • 1.  Unable to PING or remote assistance VIA clients

    Posted May 04, 2020 04:31 PM

    Hello all, We have a Aruba controller in our DMZ and around 200 VIA users. Everything working as it should apart from we can not PING or offer remote assistance to VIA clients. Clients getting IP address from a Pool configured in the DMZ controller. Controller can PING the clients without any issues. VIA clients can contact the INSIDE network resources as well. But when we try PINGing VIA clients, it doesn't work.

     

    I can not see any traffic being blocked at the firewall. I have created an ACL in the controller to permit INSIDE machines traffic to reach the VIA clients but it is still not working!.

     

    Any help will be appreciated. Is there any debug command I can run to see where these traffic being dropped?

     

    Thanks Very much

    JJ



  • 2.  RE: Unable to PING or remote assistance VIA clients

    EMPLOYEE
    Posted May 04, 2020 04:34 PM

    Are the addresses in your VIA pool routable to the rest of your network?



  • 3.  RE: Unable to PING or remote assistance VIA clients

    Posted May 04, 2020 04:38 PM

    Thanks for the quick response.

    yes, I have a static route pointing to the DMZ controller. I have tried pointing it to the INSIDE interface of the firewall as well but no success.



  • 4.  RE: Unable to PING or remote assistance VIA clients

    EMPLOYEE
    Posted May 04, 2020 04:51 PM

    Is the user role that the VIA client obtains blocking any traffic?  Where does your traceroute from inside your network stop?



  • 5.  RE: Unable to PING or remote assistance VIA clients

    Posted May 04, 2020 05:13 PM
      |   view attached

    Getting 'Request Timed out' when I do a trace route.

    Attached is the output of the derived user role for our VIA clients

    (Please note, IP addresses has been changed in the txt file for security reasons)

    Attachment(s)

    txt
    VIA.txt   5 KB 1 version


  • 6.  RE: Unable to PING or remote assistance VIA clients

    EMPLOYEE
    Posted May 04, 2020 07:40 PM
    @josej99 wrote:

    Getting 'Request Timed out' when I do a trace route.

    Attached is the output of the derived user role for our VIA clients

    (Please note, IP addresses has been changed in the txt file for security reasons)

    Why are you source-natting traffic if you already have a route to the controller?



  • 7.  RE: Unable to PING or remote assistance VIA clients

    EMPLOYEE
    Posted May 04, 2020 04:55 PM

    Hi,

     

    Can you try the below..

     

    Replace <YOUR_VIA_CLIENT_IP> with the IP address of the VIA client you are checking and <YOUR_INSIDE_IP> with the IP address you are testing from...

     

    show datapath session table <YOUR_VIA_CLIENT_IP>

    show datapath session table <YOUR_VIA_CLIENT_IP> | include D

    show datapath session table <YOUR_VIA_CLIENT_IP> | include <YOUR_INSIDE_IP>

     

    Also, check the role that the VIA users are taking

     

    show rights <VIA_USERS_ROLE>

     

     

     

     

     



  • 8.  RE: Unable to PING or remote assistance VIA clients

    Posted May 04, 2020 05:20 PM
      |   view attached

    Hello Please see attached.

     

    (Please note IP addresses has been modified for security reasons)

     

    192.168.x.x range is the  VIA clients and 10.x.x.x range is the internal networkd

    Attachment(s)

    txt
    datapath.txt   4 KB 1 version


  • 9.  RE: Unable to PING or remote assistance VIA clients

    Posted Nov 10, 2020 05:00 PM
    Are the addresse in your VIA pool routable to the rest of your network?

    ------------------------------


    Kodi nox