Security

Hello
Im looking information about this but there is like none for the clearpass side.
I just want to authenticate for now with user and password of active directory to the vpn clients  something really simple to start.
can anyone show me an example of a service for it or where can i see it?  or if you could tell me what i should put in the service
For now i just got 1 service for it a generic 802.1x service

On the authentication i got mschap v2  and the source is the AD of the client

and in the enforment i got the sample policy

It seems something simple but when the user try to authenticate on the access tracker it cannot find the service to fall in so the service is in blank


Any help?
Carlos

You should first make sure that the service matches, and if you have in Access Tracker the non-matching service you should be able to see what attributes are sent and adapt the service rules to match that. If you create a matching service, for example only match the NAS-IP, and put that to the bottom, it should match and you can see all the RADIUS attributes sent to fine-tune your matching rules.

Here are my VIA services; first the VIA Web Authentication (for the profile download):

And this is the one for the actual VPN (IPSec):

EDIT: in my ClearPass, I have the IPSec service first, and the WebAuth after that... that order may be important but I'm not fully sure. If you see matching on the wrong service, swap the services.

Setting up ClearPass and VIA is something that Aruba Support should be able to assist with, if you can't make it work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Feb 02, 2023 01:00 PM
From: cdelarosa
Subject: Clearpass and via integration

Hello
Im looking information about this but there is like none for the clearpass side.
I just want to authenticate for now with user and password of active directory to the vpn clients  something really simple to start.
can anyone show me an example of a service for it or where can i see it?  or if you could tell me what i should put in the service
For now i just got 1 service for it a generic 802.1x service

On the authentication i got mschap v2  and the source is the AD of the client

and in the enforment i got the sample policy

It seems something simple but when the user try to authenticate on the access tracker it cannot find the service to fall in so the service is in blank


Any help?
Carlos

Hello Herman thanks, we will try to make it work if it not we will contact support just as you said

Carlos

Original Message:
Sent: Feb 07, 2023 04:20 AM
From: Herman Robers
Subject: Clearpass and via integration

You should first make sure that the service matches, and if you have in Access Tracker the non-matching service you should be able to see what attributes are sent and adapt the service rules to match that. If you create a matching service, for example only match the NAS-IP, and put that to the bottom, it should match and you can see all the RADIUS attributes sent to fine-tune your matching rules.

Here are my VIA services; first the VIA Web Authentication (for the profile download):

And this is the one for the actual VPN (IPSec):

EDIT: in my ClearPass, I have the IPSec service first, and the WebAuth after that... that order may be important but I'm not fully sure. If you see matching on the wrong service, swap the services.

Setting up ClearPass and VIA is something that Aruba Support should be able to assist with, if you can't make it work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Feb 02, 2023 01:00 PM
From: cdelarosa
Subject: Clearpass and via integration

Hello
Im looking information about this but there is like none for the clearpass side.
I just want to authenticate for now with user and password of active directory to the vpn clients  something really simple to start.
can anyone show me an example of a service for it or where can i see it?  or if you could tell me what i should put in the service
For now i just got 1 service for it a generic 802.1x service

On the authentication i got mschap v2  and the source is the AD of the client

and in the enforment i got the sample policy

It seems something simple but when the user try to authenticate on the access tracker it cannot find the service to fall in so the service is in blank


Any help?
Carlos