Wireless Access


Re: VIA Questions

Hello Vpan, thank you very much for answering so fast!

Well, you said in an earlier message that the issue with the browser was fixed and that I didn't need to use the 64-bit browser. If you do, well, we will need to advise clients that they must use the 64-bit browser....

My kernel version is 2.6... so I guess mine is not supported then...

Anything else I should tell the client besides that information?

 

----------------------------------------------------
Project engineer
Aruba Employee

Re: VIA Questions

Nothing else.

Guru Elite

Re: VIA Questions


@NightShade1 wrote:

Hello Vpan, thank you very much for answering so fast!

Well, you said in an earlier message that the issue with the browser was fixed and that I didn't need to use the 64-bit browser. If you do, well, we will need to advise clients that they must use the 64-bit browser....

My kernel version is 2.6... so I guess mine is not supported then...

Anything else I should tell the client besides that information?

 


You can fix the browser detection issue by uploading a new VIA page using the HTML in the post here:  http://community.arubanetworks.com/t5/VIA-and-CSS/repost-of-the-useful-code-snippet-for-client-autodetection/m-p/21704/highlight/false#M27

 

ArubaOS 6.2 will have the fix to the VIA detection page.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN

Re: VIA Questions

Thanks Collin

VIA is working great on Windows...

But I'm having problems setting it up on Mac.

The problem I have is that I cannot forward that, I mean the IP protocol 50.

Do I need to give it a total IP? I don't think you are able to do that in any firewall... How do you overcome this? Has anyone done it in a port-forwarding mode and made it work with Mac?

----------------------------------------------------
Project engineer
Guru Elite

Re: VIA Questions

You just have to permit IP protocol 50.  What firewall is this?

 



Re: VIA Questions

A FortiGate

When I'm doing port forwarding I just get the option of TCP or UDP.

I could permit protocol IP to the internal network in the firewall rules... but it won't be forwarded to the controller? I'm kind of confused, to be honest...

----------------------------------------------------
Project engineer
Guru Elite

Re: VIA Questions

You do need to forward it. Strangely enough, the Fortinet VPN client needs these protocols: http://www.juniperforum.com/index.php?topic=6591.0



Re: VIA Questions

As far as I understand here

 

IP protocol 50 is ESP and IP protocol 51 is AH.
These are not ports but protocols in the IP suite.
To pass IPsec you allow ESP (or AH depending) and UDP/500 (IKE)
UDP/4500 is for NAT-T (NAT Traversal) which solves ESP (or AH) going through NAT

 

 

Which means that by opening port 4500 it will also let in the IP protocol 50.... so I don't need to do that, it will do it automatically?

How do you do it on the firewalls you use, Collin?

----------------------------------------------------
Project engineer
Guru Elite

Re: VIA Questions


@NightShade1 wrote:

As far as I understand here

 

IP protocol 50 is ESP and IP protocol 51 is AH.
These are not ports but protocols in the IP suite.
To pass IPsec you allow ESP (or AH depending) and UDP/500 (IKE)
UDP/4500 is for NAT-T (NAT Traversal) which solves ESP (or AH) going through NAT

 

 

Which means that by opening port 4500 it will also let in the IP protocol 50.... so I don't need to do that, it will do it automatically?

How do you do it on the firewalls you use, Collin?


UDP/4500 is NAT-T

That is different from ESP (encapsulating security payload)

Which is also different from AH

 

All three must be allowed.  Check out the Microsoft Vanilla explanation here:  http://support.microsoft.com/kb/233256

 

 The firewall should be able to permit "protocols" as well as UDP and TCP ports.

 

 

 


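The distinction discussed in this exchange, as an added example that is not part of any post in the thread: it classifies constructed IPv4 packets as native ESP (IP protocol 50), AH, IKE on UDP/500, or the traffic types that share UDP/4500 under NAT-T (RFC 3948), and checks which of them a TCP/UDP-only port-forward list can match. The sample packets, the addresses and the reading of 1701 as a UDP port are assumptions made for illustration.

```python
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17        # IP protocol numbers

def classify(packet: bytes) -> str:
    """Name the IPsec-related traffic type of one raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IP protocol field
    if proto in (ESP, AH):
        return "esp" if proto == ESP else "ah"   # no port numbers exist here
    if proto != UDP:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]            # skip the 8-byte UDP header
    if 500 in (sport, dport):
        return "ike"
    if 4500 not in (sport, dport):
        return "other"
    if payload == b"\xff":
        return "nat-keepalive"            # single 0xFF byte keeps the NAT mapping alive
    if payload[:4] == b"\x00" * 4:
        return "ike-nat-t"                # four zero bytes (non-ESP marker) precede IKE
    return "esp-in-udp"                   # otherwise the first 4 bytes are a non-zero SPI

def matches_port_forward(packet: bytes, forwards: set) -> bool:
    """True if a (protocol, destination port) forward entry matches the packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto not in (TCP, UDP):
        return False                      # protocol 50/51 packets carry no port field
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return (proto, dport) in forwards

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero)."""
    src, dst = bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0, src, dst) + body

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed data: forwards mirror the ports named in the thread (1701 assumed UDP).
FORWARDS = {(UDP, 500), (UDP, 1701), (TCP, 1723), (UDP, 4500), (TCP, 443)}
ESP_BODY = b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"ciphertext"   # SPI, sequence, data
SAMPLES = {
    "native": ipv4(ESP, ESP_BODY),
    "natt_esp": ipv4(UDP, udp(4500, 4500, ESP_BODY)),
    "natt_ike": ipv4(UDP, udp(4500, 4500, b"\x00" * 4 + b"ike-message")),
    "ike": ipv4(UDP, udp(500, 500, b"ike-message")),
}
```

Calling `classify` and `matches_port_forward` on each entry of `SAMPLES` shows which traffic a port-forward entry can and cannot describe.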

Re: VIA Questions

Well, if that's true then I must be doing something else wrong..

I got the Windows client working perfectly with SSL fallback and everything, and it's awesome...

Now I'm just missing Mac and iPads.

I already port forwarded the ports UDP 500, 1701, TCP 1723, UDP 4500, TCP 443.

My boss was trying to connect via a Mac or his iPad but he said that he couldn't... he could not even get past the authentication part....

I am using PAP for authentication, and on the Network Policy on the NPS I have PAP selected.

I don't know if I'm missing something??

 

Here is the config...

 

Here is the relevant config :

 

aaa authentication via auth-profile "Alternetworks_VIA"
server-group "OptiWifi_srvgrp-xam55"

 

aaa server-group "OptiWifi_srvgrp-xam55"
 auth-server NPS
 set role condition Filter-Id value-of

 

 

aaa authentication via connection-profile "Alternetworks_Connection_Profile"
   server addr "200.75.219.10" internal-ip 172.16.3.221 desc "Alternetworks_Office_Controller" position 0
   auth-profile "Alternetworks_VIA" position 0
   tunnel address 172.16.3.0 netmask 255.255.255.0
   tunnel address 172.29.0.0 netmask 255.255.255.0
   tunnel address 172.16.2.0 netmask 255.255.255.0
   tunnel address 172.31.3.0 netmask 255.255.255.0
   tunnel address 10.10.100.0 netmask 255.255.255.0
   split-tunneling
   ikev2-policy "10004"
   no windows-credentials

 

 

 

aaa authentication via web-auth "default"
   auth-profile "Alternetworks_VIA" position 0

 

 

user-role Ingenieria
 pool l2tp VIA
 via "Alternetworks_Connection_Profile"
 access-list session allowall

 

user-role default-via-role
 pool l2tp VIA
 via "Alternetworks_Connection_Profile"
 access-list session allowall

 

 

aaa authentication via web-auth "default"
   auth-profile "Alternetworks_VIA" position 0
!
aaa authentication via global-config
   ssl-fallback-enable

 

 

 

Now I don't know why it says IKEv2 10024, as I didn't enable IKEv2; the checkbox is not checked.... it's clear... and as far as I have read, Mac doesn't work with IKEv2 yet, it just works with IKEv1....

Any help is appreciated... I really want to finish with this already, as I really want to start showing this to clients... but I need to have it working with Windows, iOS and Android....

----------------------------------------------------
Project engineer