Configuring VIA VPN using IKEv1 and Internal User Database
Summary
The Aruba VIA solution is designed to provide secure corporate access to employee laptops and smartphones from mobile hotspots. This solution template will generate full a configuration of VIA using IKE version 1 and Internal User Databases for authentication and role assignment.
Platform Tested
Aruba Mobility Controller 3400 running AOS 6.2.1.1 build 38111, AOS 6.3.0.0 (38660)
VIA Version 2.0.1 running on Apple iPad 3 iOS version 6.0.1(10A523)
Configuration Notes
Firewall Policy
In the case if the VIA controller is directly connected to the public Internet. The following rules should be applied to the external physical interface to only permit the services needed and protect all other services from public access.
Example:
ip access-list session internet
any host 99.109.207.68 svc-https permit log
any host 99.109.207.68 svc-natt permit
any host 99.109.207.68 svc-ike permit
any host 99.109.207.68 svc-esp permit
any any any deny log
interface gigabitethernet 1/3
description "Internet Connection - ISP x"
trusted
trusted vlan 1-4094
ip access-group "internet" session
switchport access vlan 10
Licensing
PEFV and PEF Licenses needed by this solution template.
Network Topology
Video
- Solution Exchange Demo
- Aruba Virtual Intranet Access (VIA) Client Video Data Sheet
References
See Aruba VIA Application Note for more details.
