What is the role of SSL fallback option in VIA deployments and how to configure it?

Aruba Employee
Aruba Employee

This article explains the need for SSL failover in VIA deployments and the method to configure it.



Some network firewalls block UDP ports 4500 and 500 that are essential to establish an IPsec connection. If a user is connected to such a network, the IPsec connection that is initiated by VIA fails. In these situations, the SSL fallback option of VIA can take advantage of the UDP port 443 (used for HTTPS) allowed by almost all firewalls.
If the SSL fallback option is enabled, it allows VIA client to connect securely to the controller by wrapping the IPsec packets in an SSL header. If SSL fallback is enabled, each VIA client accounts for two IPsec tunnels toward the controller IPsec limit calculation.
Environment : This article applies to all the controllers running OS version 5.0 and 6.0 and all the VIA client versions.
The SSL fallback can be enabled or disabled in the VIA global configuration.
To configure SSL Fallback:

(NTWK-SER-3400) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(NTWK-SER-3400) (config) #aaa authentication via global-config
(NTWK-SER-3400) (VIA Global Configuration) #ssl-fallback-enable
(NTWK-SER-3400) (VIA Global Configuration) #


Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 03:05 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: