New Contributor

Unable to PING or remote assistance VIA clients

Hello all, we have an Aruba controller in our DMZ and around 200 VIA users. Everything is working as it should, except that we cannot PING or offer remote assistance to VIA clients. Clients are getting IP addresses from a pool configured in the DMZ controller. The controller can PING the clients without any issues. VIA clients can contact the INSIDE network resources as well. But when we try PINGing VIA clients, it doesn't work.

I cannot see any traffic being blocked at the firewall. I have created an ACL in the controller to permit INSIDE machines' traffic to reach the VIA clients, but it is still not working!

Any help will be appreciated. Is there any debug command I can run to see where this traffic is being dropped?

Thanks very much

JJ

Guru Elite

Re: Unable to PING or remote assistance VIA clients

Are the addresses in your VIA pool routable to the rest of your network?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
New Contributor

Re: Unable to PING or remote assistance VIA clients

Thanks for the quick response.

Yes, I have a static route pointing to the DMZ controller. I have tried pointing it to the INSIDE interface of the firewall as well, but no success.

Guru Elite

Re: Unable to PING or remote assistance VIA clients

Is the user role that the VIA client obtains blocking any traffic?  Where does your traceroute from inside your network stop?


Aruba Employee

Re: Unable to PING or remote assistance VIA clients

Hi,

Can you try the below?

Replace <YOUR_VIA_CLIENT_IP> with the IP address of the VIA client you are checking and <YOUR_INSIDE_IP> with the IP address you are testing from.

show datapath session table <YOUR_VIA_CLIENT_IP>

show datapath session table <YOUR_VIA_CLIENT_IP> | include D

show datapath session table <YOUR_VIA_CLIENT_IP> | include <YOUR_INSIDE_IP>

Also, check the role that the VIA users are taking:

show rights <VIA_USERS_ROLE>

New Contributor

Re: Unable to PING or remote assistance VIA clients

Getting 'Request Timed out' when I do a traceroute.

Attached is the output of the derived user role for our VIA clients.

(Please note, IP addresses have been changed in the txt file for security reasons.)

New Contributor

Re: Unable to PING or remote assistance VIA clients

Hello, please see attached.

(Please note, IP addresses have been modified for security reasons.)

The 192.168.x.x range is the VIA clients and the 10.x.x.x range is the internal network.

Guru Elite

Re: Unable to PING or remote assistance VIA clients


@josej99 wrote:

Getting 'Request Timed out' when I do a traceroute.

Attached is the output of the derived user role for our VIA clients.

(Please note, IP addresses have been changed in the txt file for security reasons.)


Why are you source-natting traffic if you already have a route to the controller?

