Configuring VIA VPN using IKEv1 and Internal User Database
The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones from mobile hotspots. This solution template will generate full a configuration of VIA using IKE version 1 and Internal User Databases for authentication and role assignment.
Aruba Mobility Controller 3400 running AOS 184.108.40.206 build 38111, AOS 220.127.116.11 (38660)
VIA Version 2.0.1 running on Apple iPad 3 iOS version 6.0.1(10A523)
In the case if the VIA controller is directly connected to the public Internet. The following rules should be applied to the external physical interface to only permit the services needed and protect all other services from public access.
ip access-list session internet
any host 18.104.22.168 svc-https permit log
any host 22.214.171.124 svc-natt permit
any host 126.96.36.199 svc-ike permit
any host 188.8.131.52 svc-esp permit
any any any deny log
interface gigabitethernet 1/3
description "Internet Connection - ISP x"
trusted vlan 1-4094
ip access-group "internet" session
switchport access vlan 10
PEFV and PEF Licenses needed by this solution template.
- Solution Exchange Demo
- Aruba Virtual Intranet Access (VIA) Client Video Data Sheet
See Aruba VIA Application Note for more details.