Wired Intelligent Edge

Hi Community!

 

i have an issue with a via connection profile only on ios devices. iam using split tunnel to route internal network with via and i am using a dns suffix test.com to route to internal servers. Now if i download a fresh connection profile and connect directly the ios device forwards all dns "traffic" (traffic for services with names) into the tunnel. If i disconnect the tunnel and reconnect i loos the function. Now only IP-Adress traffic is forwarded into the tunnel and dns traffic is forwarded to the default/native dns which can't resolve the hosts.

 

The same profile works with windows 10 very good and has never this issue.

 

Does anyone know that "issue" or is it a config/connection profile issue here ?

 

Software is 6.5.x and VIA 3.x.

 

Thanks in advance!

We would need to see your VIA profiles.  There are so many variables here..

Hi,

 

here is the connection profile:

 

aaa authentication via connection-profile "Mobile-Conn-Prof"
   server addr "x.x.com" internal-ip 10.x.x.x desc "LAN" position 0
   auth-profile "Cert" position 0
   tunnel address 10.x.x.x netmask 255.248.0.0
   split-tunneling
   ikev2-policy "20"
   ike-policy "Default RAP 10002"
   no windows-credentials
   ikev2-proto
   ikev2auth eap-tls
   ipsec-cryptomap map "default-ikev2-dynamicmap" number 10000
   enable-supplicant
   auth_domain_suffix
   no domain-pre-connect
   no validate-server-cert
   dns-suffix-list "123.com"
   support-email "123.com"

 

 

This forwards all traffic to *.123.com only the first time the profile gets downloaded and connected it works. It doesn't work - reproducable - if i restart the phone and connect again.

 

Thanks for suggestions - maybe this is a apple problem ... dunno :(

This is complicated when we have full information, but even more complicated when we have to deal with redacted ip addresses.  I would open a tac case in parallel and start with a simple connection first meanwhile.  I would eliminate the DNS options and split tunnel and see if it works fully tunneled or see if it still loses the options.  Your version of ArubaOS code and the VIA client on your IOS device would also be relevant.

 

To be clear, a device should not be losing settings when it reboots and reconnects.

 

Thanks for reporting this. There is a known issue with IOS and split tunneling that is scheduled to be fixed in the next release. I will update this thread when it is fixed.

Thanks in advance for your patience..

Hi!

 

thanks for feedback. We work also with other split tunnel successfully on ios. So it seems to be a combination. Can you provide me further details when this will be fixed ? Can we get a beta software to test this?

 

Thanks

 

It is a problem with the Aruba VIA client on IOS.  I am not sure when the next client is coming out, but the fix will be the next release.  Please subscribe to this topic and I will post when it is released.  Thanks for your patience.