Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

VIA Users keep getting disconnected.

  • 1.  VIA Users keep getting disconnected.

    Posted Apr 03, 2018 10:56 PM

    Hello,

     

    We are starting to receive reports that users who are connecting to VIA for VPN are continually being disconnected and reconnected. I checked the logs and a user could have up to 4 active IP addresses on the VIA controller. Looking at ClearPass, the only thing I can find is Termination Cause = NAS-Request. Any ideas?

     

    Thanks,

    Mike

     



  • 2.  RE: VIA Users keep getting disconnected.

    MVP EXPERT
    Posted Apr 04, 2018 01:10 AM
    Do you see anything in the logs? Run the below command to see if you can identify any issues. The XXXX can be MAC/Username/IP

    #show log all | include XXXX


  • 3.  RE: VIA Users keep getting disconnected.

    Posted Apr 04, 2018 12:51 PM

    I ran the command against the username and IP address and this is what I got.

     

    show log all | include kysnyder
    Jan 16 09:51:50  webui[3692]: USER: kysnyder has logged in from 10.40.145.63.
    Apr  3 13:15:01  webui[3692]: USER: kysnyder has logged in from 10.40.145.63.

     

    #show log all | include 10.40.145.63
    Jan 16 09:51:50  webui[3692]: USER: kysnyder has logged in from 10.40.145.63.
    Apr  3 13:15:01  authmgr[3921]: <199802> <3921> <ERRS> |authmgr|  ncfg_auth.c, ncfg_auth_server_group_authtype:329: Invalid authentication type 25 (ip=10.40.145.63)
    Apr  3 13:15:01  webui[3692]: USER: kysnyder has logged in from 10.40.145.63.

     

    Thanks,

    Mike



  • 4.  RE: VIA Users keep getting disconnected.

    EMPLOYEE
    Posted Apr 04, 2018 01:39 PM

    The best thing you can do is open a TAC case, because there is a lot of personal information on your controller that might need to be analyzed to get to the bottom of this:

    http://www.arubanetworks.com/support-services/support-program/contact-support

     

     

    While you are doing that, you can still post here, and have someone working on your TAC case at the same time.

     

    With that being said, just like any other issue that only happens once in a while, it would be best to set up a syslog server so that the logs you are looking for do not get erased due to "rolling".  After you set that up, you can turn on VPN debugging like this:

     

    config t

    logging level debugging security subcat ike
    logging level debugging security process aaa
    logging level debugging security process authmgr
    logging level debugging security process l2tp
    logging level debugging security subcat vpn

     

    When the issue happens, I would find out what the public ip address of the user is, and then filter the security logs on that ip address to understand what could be happening:

     

    show log security all | include <public ip address>
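
Added example (not part of the original post and not Aruba's code): once the debug logs are landing on a syslog server, the same per-IP filter can be run offline against the saved file. This Python script assumes the line layout seen in the output quoted in this thread; the function names are hypothetical, and the sample holds two lines from the thread plus two constructed near-miss lines.

```python
import re
from collections import Counter

# Layout of the controller log lines quoted in this thread:
#   "Apr  3 13:15:01  authmgr[3921]: <199802> <3921> <ERRS> |authmgr|  ..."
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
SEVERITY_RE = re.compile(r"<([A-Z]{3,})>")  # e.g. <ERRS>; absent on webui lines

def ip_token(ip):
    """Match ip only as a whole address, so 10.40.145.6 does not hit 10.40.145.63."""
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d|\.\d)")

def filter_by_ip(lines, ip):
    """Return parsed events, in file order, whose message mentions ip."""
    want = ip_token(ip)
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not want.search(m["msg"]):
            continue
        sev = SEVERITY_RE.search(m["msg"])
        events.append({"ts": m["ts"], "proc": m["proc"],
                       "severity": sev.group(1) if sev else "-",
                       "msg": m["msg"]})
    return events

def summarize(events):
    """Count events per (process, severity) to show which daemon is complaining."""
    return Counter((e["proc"], e["severity"]) for e in events)

# First two lines are from the thread; the last two are constructed near-misses.
SAMPLE = """\
Apr  3 13:15:01  authmgr[3921]: <199802> <3921> <ERRS> |authmgr|  ncfg_auth.c, ncfg_auth_server_group_authtype:329: Invalid authentication type 25 (ip=10.40.145.63)
Apr  3 13:15:01  webui[3692]: USER: kysnyder has logged in from 10.40.145.63.
Apr  3 13:15:02  webui[3692]: USER: example has logged in from 110.40.145.63.
Apr  3 13:15:03  webui[3692]: USER: example has logged in from 10.40.145.6.
""".splitlines()

if __name__ == "__main__":
    hits = filter_by_ip(SAMPLE, "10.40.145.63")
    for (proc, sev), n in summarize(hits).most_common():
        print(f"{proc:10} {sev:5} {n}")
    for e in hits:
        print(e["ts"], e["proc"], e["msg"])
```

To use it on real data, replace `SAMPLE` with the lines read from the syslog server's file for the controller and pass the user's public IP address.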



  • 5.  RE: VIA Users keep getting disconnected.

    Posted Apr 04, 2018 01:53 PM

    Thanks for the help. I do have a TAC case open, and I turned on the logging like you instructed.

     

    - Mike