Wireless Access

Hello GURUs, 

I went through VIA appnote, and I didn't find the answer to the below question, 

Can we do machine authentication through VIA vpn? if so can we do that? 

In addition, I have basically 3 connection profiles, each with specific setup, is there a way to show only a specific profile for specific users? 

Domain pre-connect is the "machine authentication" you might be looking for:  https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-Domain-Pre-connect-in-VIA-and-how-does-it-work/ta-p/184550

https://community.arubanetworks.com/t5/Wireless-Access/VIA-Pre-Connect-option/td-p/114155

EDIT;  Please see the attached document for details on configuring VIA.

Attachment(s)

via-3x-configuration.pdf   1.13 MB 1 version

Nice docs reference, 

I can see the feature is supported just with IKEv2, I'm currently using IKEv1 with MFA, so pre-conn won't work for my case? 

Besides, I think Pre-conn option won't prevent a non-domain PC from being connected to the VPN, right? 

Regards,

Thanks.

It is only supported with IKEv2.

It will not prevent a non-domain pc from connecting.  You would probably have to configure certificates-only authentication to do that effectively.

I'm not sure if cert-only authentication will be supported by DUO, because DUO uses only PAP as an auth method. 

any idea? 

Well noted !! 

another question here is there a way to have separate "VIA web auth", for instance, let's say 2 FQDNs each will prompt a specific connection profile to the VIA client

feasible?