Wireless Access

Running VIA on a 3600 with version 6.1.2.4.

Windows VIA clients (32 and 64 bit) both connect fine, as does the new iPad client, but I'm missing something, as Mac version isn't working.

Controller log shows Auth failure, but the LDAP server isn't even getting the request ( as per the LDAP server logs)

Dec 13 15:29:46  l2tp[541]: <105003> <ERRS> |l2tp|  PPP/VPN Authentication failed fairlie 173.161.138.94 PAP.  
Please check authentication server radius/ldap/tacacs logs.

I have it set to fail to the internal DB and that does work.. so what am I missing?

( I saw in the other thread that there was a difference bt. Mac and Windows configs on the controller, but didn't want to jack that thread)

The configs on your firewall is different because the mac requires more ports inbound to your network:

You need:

 UDP— 500, 1701, and 4500

 TCP—1723, 443
 IP protocol— 50 

Thanks for the quick reply.

Are you referring to firewall rules on the controller itself, or our WAN firewall ( because currently I have wide open access to the controller from outside on the WAN firewall ( not blocking anything)

Timothy,

The VIA client on Mac OS authenticates against the server configured under the 'VPN authentication profile', which is different from the Windows/iOS clients that authenticate against the server under 'VIA authentication profile'.

Therefore you would have to provision your LDAP server under VPN Authentication Profile->default->Server Group.

Hope this helps.

Regards

Charu

Yep, adding the LDAP servers in the VPN auth profile did the job.

Thanks guys!

i have the vpn authentication profile configured to reflect the same server group as the VIA authentication profile and I am still having issues with MAC OS devices connecting. here is the error message on the controller: <l2tp 105003>  <ERRS> |l2tp|  PPP/VPN Authentication failed (user name) 24.2.189.200 MSCHAPv2.