Occasional Contributor I

VIA and IAS Remote Access Policies

I have VIA finally working with EAP-TLS. :) Now I'm having an issue with how my new IAS RAP for my VIA clients is working.  About half of my mobile users will be using the new VIA IAS RAP and they belong to a windows security group: domain\viausers but, these users also belong to our corporate wireless security groups too.  for example:


Remote access policy for our Corp Wireless users looks like this:  Order is 2


NAS-Port-Type matches "Wireless - Other or Wireless -IEEE 802.11" AND Windows-Groups matches "domain\corpwirelessuser"


Remote access policy for the VIA users looks like this: Order is 3


NAS-Port-Type matches "Virtual (VPN)" AND Windows-Groups matches "Domain\viausers"


The problem is if the user is in both groups the user never processes the VIA remote access policy.  I'm I missing something?










Guru Elite

Re: VIA and IAS Remote Access Policies

What is the full eventviewer message when the user fails?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: VIA and IAS Remote Access Policies

Check the event log for a VIA connection that was processed by the Wireless Policy.  In the log, look for the entry for NAS-Port-Type.  What does it say?     The connection attempt has to match the conditions, so if your VIA connections are hitting the Wireless Policy, they must be matching those conditions you have set.

Systems Engineer, Northeast USA

Search Airheads
Showing results for 
Search instead for 
Did you mean: