Aruba VIA automatically uses the proxy settings from IE to connect to the controller. Isn't this a design mistake?
For example, our company network is 10.0.5.0. The proxy server in IE is set to 10.0.5.10 on all laptops.
If somebody works from home, they are not able to reach our company network without VIA. So they use VIA connect to our company network. But while connecting, VIA will try to use the proxy server in the company network. Which is not yet reachable. So it will fail, or at least hang for a while. Can we somehow tell the VIA client NOT to use a proxy?
Because proxy is only available while on company network. And while on company network, you don't need VIA. So why would VIA use proxy?
In the windows client, there is a settings tab where I believe you can blank out the proxy settings.
Can you send me the output of. Not sure if there is something ticked off in there disallowing this...
show aaa authentication via connection-profile "default"
(Aruba650) #show aaa authentication via connection-profile "default"
VIA Connection Profile "default"--------------------------------Parameter Value--------- -----VIA Servers 0/87.X.X.X/10.X.X.X/vpn1Client Auto-Login EnabledVIA Authentication Profiles to provision 0/defaultAllow client to auto-upgrade DisabledVIA tunneled networks N/AEnable split tunneling DisabledVIA Client WLAN profiles N/AAllow client side logging EnabledVIA IKE V2 Policy 10007VIA IKE Policy 20Use Windows Credentials EnabledEnable IKEv2 DisabledUse Suite B Cryptography DisabledIKEv2 Authentication method eap-mschapv2VIA IPSec V2 Crypto Map default-dynamicmap/10000VIA IPSec Crypto Map default-dynamicmap/10000Allow user to save passwords EnabledEnable Supplicant DisabledEnable FIPS Module DisabledAuto-launch Supplicant DisabledLockdown All Settings DisabledDomain Suffix in VIA Authentication DisabledEnable Controllers Load Balance DisabledEnable Domain Pre-connect DisabledVIA Banner Message Reappearance Timeout(minutes) 60VIA Client Network Mask 255.255.255.255Validate Server Certificate DisabledVIA Client DNS Suffix List corp.X.XVIA max session timeout 1440 minVIA Logon Script N/AVIA Logoff Script N/AVIA Support E-Mail Address N/AMaximum reconnection attempts 1VIA external download URL N/AAllow user to disconnect VIA EnabledContent Security Gateway URL N/AComma seperated list of HTTP ports to be inspected (apart from default port 80) N/AEnable Content Security Services DisabledKeep VIA window minimized DisabledBlock traffic until VPN tunnel is up DisabledBlock traffic rules N/A
The only thing I can think of in there is the block traffic until VPN is established setting. This is also found in the UI under Config --> Authentication --> L3 authentication.
I am unsure if this will work or not...perhaps a call into support if it does not.
Yeah - so please open a tac case and see what they say
This is solved by adding both the internal and external ip's/hostnames of the controller to the proxy exception list in Internet Explorer.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.