Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

VIA VPN Client on Guest network

  • 1.  VIA VPN Client on Guest network

    Posted Jan 15, 2019 10:15 AM

    Hi,

    I want to be able to use a VIA VPN client on a Guest network based on Aruba Central.

    The Guest network is "isolated", meaning it has its own VLAN and clients are getting IP addresses from a DHCP server on a firewall.

    All ports are open on the firewall (just for testing) and the Access Type for guests is set to unrestricted.

    The clients can access the Internet, but when starting the VIA VPN client, they get an error message saying "Network is down or URL is not reachable".



  • 2.  RE: VIA VPN Client on Guest network

    EMPLOYEE
    Posted Jan 15, 2019 03:11 PM

    You need port UDP 4500 and port TCP 443 for VIA to work fully.  I would go to the VIA VPN controller and type "show datapath session table <public ip address of guest network>" while you are trying to connect to see if the traffic is even hitting the controller on ports TCP 443 and UDP 4500.



  • 3.  RE: VIA VPN Client on Guest network

    Posted Jan 16, 2019 08:32 AM

    Hi Colin,

    On my Guest SSID, I have set the Access Type as Network-based, and allow access to DHCP, DNS, HTTP, HTTPS and UDP 4500.

    Doing a show datapath as you suggested, I do not see any UDP 4500 on the controller.

    I have attached a .txt file, showing the output from show datapath.

    xxx.xxx is the originator, and yyy.yyy is the receiver.

    Attachment(s): show_datapath.txt (1 KB)
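
The check suggested in post 2, run over a saved `show datapath session table` dump, as an added example that is not part of the thread or of any Aruba tooling. The row layout (source IP, destination IP, IP protocol number, source port, destination port, then other columns) is an assumption, and the sample dump is constructed with documentation addresses.

```python
import re

# VIA needs both of these to reach the controller (per post 2 above).
REQUIRED = {("tcp", 443), ("udp", 4500)}
PROTO = {"6": "tcp", "17": "udp"}  # IP protocol numbers

# Assumed row layout: source IP, destination IP, protocol number,
# source port, destination port, then columns this check ignores.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+(\d+)\b"
)

def via_flows(dump, client_ip):
    """Return the required (proto, port) pairs seen coming from client_ip."""
    seen = set()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or unrelated line
        src, _dst, proto, _sport, dport = m.groups()
        key = (PROTO.get(proto), int(dport))
        if src == client_ip and key in REQUIRED:
            seen.add(key)
    return seen

def missing_flows(dump, client_ip):
    """Required flows with no session entry; these never reached the controller."""
    return sorted(REQUIRED - via_flows(dump, client_ip))

# Constructed sample: 203.0.113.10 stands in for the guest network's public IP,
# 198.51.100.5 for the VIA controller.
SAMPLE = """\
Source IP       Destination IP  Prot  SPort  DPort  Cntr  Prio  ToS  Age
--------------  --------------  ----  -----  -----  ----  ----  ---  ---
203.0.113.10    198.51.100.5    6     51514  443    0     0     0    1
198.51.100.5    203.0.113.10    6     443    51514  0     0     0    1
203.0.113.10    198.51.100.5    17    51515  53     0     0     0    0
"""

if __name__ == "__main__":
    for proto, port in missing_flows(SAMPLE, "203.0.113.10"):
        print(f"no {proto.upper()} {port} session from client")
```

A flow reported as missing points upstream of the controller (guest access rules, the firewall, or NAT), since the session table only lists traffic the controller actually received.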