Your SlideShare is downloading. ×
Aruba VIA 2.0 (Mac) User Guide
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Aruba VIA 2.0 (Mac) User Guide

648
views

Published on

Aruba VIA 2.0 (Mac) User Guide

Aruba VIA 2.0 (Mac) User Guide

Published in: Technology, Travel

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
648
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Aruba VIA 2.0 Mac Edition UserGuide
  • 2. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba VIA 2.0 Mac Edition | User Guide 0511257-01 | January 2013 Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.
  • 3. Aruba VIA 2.0 Mac Edition | User Guide | 1 Contents About this Guide....................................................................................................................3 VIA Connection Manager.......................................................................................3 How it Works...................................................................................................3 Compatibility Matrix...............................................................................................4 Installing the VIA Connection Manager .................................................................5 Chapter 1 VIA Configuration.....................................................................................9 Before you Begin...................................................................................................9 Authentication Mechanisms for Aruba VIA 2.0 Mac Edition..................................9 IKEv1...............................................................................................................9 IKEv2...............................................................................................................9 Configuring VIA Settings......................................................................................10 Using ArubaOS WebUI to Configure VIA ......................................................10 Install PEFV license ................................................................................10 Create VIA User Roles ............................................................................10 Create VIA Authentication Profile ...........................................................11 Create VIA Connection Profile................................................................12 Configure VIA Web Authentication .........................................................13 Associate VIA Connection Profile to User Role......................................14 Rebranding VIA and Uploading VIA Installers ........................................15 Using CLI to Configure VIA ...........................................................................16 Create VIA Roles.....................................................................................16 Create VIA Authentication Profiles .........................................................16 Create VIA Connection Profiles ..............................................................17 Configure VIA Web Authentication .........................................................17 Associate VIA Connection Profile to User Role......................................17 Rebranding VIA and Uploading VIA Installers ........................................17 Chapter 2 End User Instructions............................................................................19 Pre-requisites ......................................................................................................19 Downloading VIA .................................................................................................19 Installing VIA ........................................................................................................20 Using VIA .............................................................................................................20 Connection Details Tab.................................................................................21 Diagnostic Tab ..............................................................................................21 Download and Clear Profile Button...............................................................21 Send Logs Button .........................................................................................22 Uninstalling VIA....................................................................................................22 Configruing Certificates ACL...............................................................................22
  • 4. 2 | Aruba VIA 2.0 Mac Edition | User Guide
  • 5. Aruba VIA 2.0 Mac Edition | User Guide Figures | 1 Figures Figure 1 Welcome Page for Installation...............................................................................5 Figure 2 License Agreement................................................................................................5 Figure 3 License Agreement Prompt...................................................................................6 Figure 4 Standard Install......................................................................................................6 Figure 5 Install Success Page .............................................................................................6 Figure 6 Connection Details ................................................................................................7 Figure 7 VIA - Associate User Role to VIA Authentication Profile .....................................11 Figure 8 VIA - Creating a new server group for VIA authentication profile........................11 Figure 9 VIA - Enter a name for the server group..............................................................12 Figure 10 VIA - Create VIA Connection Profile ....................................................................12 Figure 11 VIA - Select VIA Authentication Profile ................................................................14 Figure 12 VIA - Associate VIA Connection Profile to User Role ..........................................15 Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer ...............15 Figure 14 Login to Download VIA........................................................................................20 Figure 15 Downloading VIA set up file after authentication.................................................20 Figure 16 VIA Connection Manager GUI .............................................................................21
  • 6. 2 | Figures Aruba VIA 2.0 Mac Edition | User Guide
  • 7. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 3 About this Guide Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the user’s network environment (trusted and un-trusted) and automatically connects the user to their enterprise network. Trusted networks typically refer to protected office networks that allow users to directly access corporate intranet. Un-trusted networks are public Wi-Fi hotspots such as airports, cafes, or home network. The VIA solution comes in two parts—VIA connection manager and the controller configuration.  VIA connection manager—Teleworkers and mobile users can easily install a light weight application on their computers running on MacOSX to connect to their enterprise network from remote locations (see “VIA Connection Manager” on page 3).  Controller configuration—To set up virtual intranet access for remote users, you must configure your controller with user roles, and authentication and connection profiles. You can use either the WebUI or CLI to configure your controller (see “VIA Configuration” on page 9). VIA requires the PEFV license and is supported on the M3, 3000 Series, and 600 Series controller. This chapter includes the following topics:  “VIA Connection Manager” on page 3  “Compatibility Matrix” on page 4  “Installing the VIA Connection Manager” on page 5  “Configuring VIA Settings” on page 10 VIA Connection Manager If a user is connected from a remote location that is outside of the enterprise network, VIA automatically detects the environment as un-trusted and creates a secure IPSec connection between the user and the enterprise network. When the user moves into the trusted network, VIA detects the network type and moves to idle state by dropping the IPSec connection. How it Works VIA provides a seamless connectivity experience to users when accessing an enterprise or corporate resource, for example workstation or server, from an un-trusted or trusted network connection. By default, VIA is launched automatically at system start and establishes a remote connection. Table 1 on page 3 explains the typical behavior: Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The client or user moves from a trusted to un-trusted environment. For example, from office to a public hot- spot. Auto-launches and establishes connection to remote network.
  • 8. 4 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Compatibility Matrix The following table shows the compatibility of VIA 2.0 for Mac. The client moves from an un-trusted to a trusted environment. Auto-launch and stay idle. VIA does not establish remote connection. You can, however, manually connect to a network by selecting an appropriate connection profile from the Settings tab. While in an un-trusted environment, user disconnects the remote connection. Disconnects gracefully. User moves to a trusted environment. Stays idle and does not connect. User moves to an un-trusted environment Stays idle and does not connect. This usually happens, if the user has in a previous occasion disconnected a secure connection by clicking the Disconnect button in VIA. Users can manually connect using one of the following methods: 1. Right-click on the VIA icon in the system tray and select the Restore option and then select the Connect option to connect using the default connection profile. 2. Right-click on the VIA icon in the system tray and select the Connect option. In an un-trusted environment, user restarts the system. Auto-launches and establishes remote connection. In an un-trusted environment, user shuts down the system. Moves to a trusted environment and restarts system. Auto-launches and stays idle. Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The events do not always occur in the order shown in the Table 1 on page 3. Table 2 VIA Compatibility Matrix ArubaOS Version Operating Systems Mac 10.7.X Mac 10.8.X ArubaOS 5.0.X Compatible Compatible ArubaOS 6.0.x Compatible Compatible ArubaOS 6.1.x Compatible Compatible ArubaOS 6.2.x Compatible Compatible
  • 9. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 5 Installing the VIA Connection Manager Users can download VIA from a URL provided by their local system administrators and install it on their computers. Alternatively, administrators can install VIA by using a system management software. Perform the following steps to install a VIA client on Apple MacOSX. Ensure that you have met the “Pre- requisites” on page 19 before proceeding with the installation. 1. Double-click the downloaded set up file macviainstaller.pkg to start the installation process. The Welcome page of the VIA Installation wizard appears.. Figure 1 Welcome Page for Installation 2. Click Continue. The License Agreement page appears. Figure 2 License Agreement 3. Click Continue. The License Agreement prompt appears. For information about the VIA Connection Manager and OS compatibility, see Chapter 2, “End User Instructions” on page 19.
  • 10. 6 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Figure 3 License Agreement Prompt 4. Click Agree. The Standard Install page appears. Figure 4 Standard Install 5. Click Install. After the successful installation, the page indicating successful installation appears. Figure 5 Install Success Page 6. Click Close to complete the installation. After the installation is complete, the connection details pop-up window appears.
  • 11. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 7 Figure 6 Connection Details 7. Enter the following details: a. Remote server URL—Obtain this URL from the system administrator. The administrator can also provision the URL on the controller. In such cases, provide the username and password. b. Username—Domain user name of the user. c. Password—Domain password of the user. 8. Click Connect to initiate a secure VIA connection.
  • 12. 8 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide
  • 13. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 9 Chapter 1 VIA Configuration The VPN settings must be configured before configuring VIA. For information on configuring VPN settings on your controller, see Virtual Private Networks chapter in the latest ArubaOS user guide . This chapter includes the following topics:  “Before you Begin” on page 9  “Authentication Mechanisms for Aruba VIA 2.0 Mac Edition” on page 9  “Configuring VIA Settings” on page 10 Before you Begin The following ports must be enabled before configuring the VIA controller.  TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and captive portal checks against the controller. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.  UDP 4500—Required for IPSec transport. Authentication Mechanisms for Aruba VIA 2.0 Mac Edition Authentication is performed using IKEv1 and IKEv2 methods. IKEv1 In IKEv1, phase 0 authentication, which authenticates the VPN client, can be performed using either a pre- shared key or an X.509 certificate (the X.509 certificate must appear in the operating system’s “user” certificate store.) If certificates are used for IKE phase 0 authentication, it must be followed by username and password authentication. The second authentication phase is performed using xAuth, which requires a username and password. The username and password is authenticated against the controller’s internal database, a RADIUS server, or an LDAP server. If a RADIUS server is used, it must support the PAP protocol. Support for two-factor authentication such as token cards is provided in VIA 2.0. Token product such as RSA tokens and other token cards are also supported. This includes support for new-pin and next-pin. IKEv2 IKEv2 is an updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 has only single phase authentication process. VIA supports the following IKEv2 authentication methods:  X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.  EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.
  • 14. 10 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Configuring VIA Settings The following steps are required to configure your controller for VIA. These steps are described in detail in the subsections that follow. 1. Install PEFV license—ArubaOS allows you to connect to the VIA controller using the default user roles. However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual Private Network (PEFV) license. 2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using VIA. You can configure different VIA roles or use the default VIA role—default-via- role. 3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA users. The server group contains the list of authentication servers and server rules to derive user roles based on the user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA authentication profile created with Internal server group 4. Create VIA Connection Profile— A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used. 5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login. 6. Associate VIA Connection Profile to User Role—A VIA connection profile must be associated to a user role. Users login by authenticating against the server group specified in the VIA authentication profile and are put into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that user role. The default VIA connection profile is used. 7. Rebranding VIA and Uploading VIA Installers—You can use a custom logo on the VIA client and on the VIA download web page. 8. Download VIA Installer and Version File— VIA installers are available at the Aruba support site and are uploaded to the controller or an external hosting server for download by the users. After the users login to the VIA download page, the controller presents the appropriate VIA image version file. Using ArubaOS WebUI to Configure VIA The following steps illustrate configuring your controller for VIA using the WebUI. Install PEFV license Install the PEFV license to configure and assign user roles. For more information on licenses, see Software Licenses chapter in the latest ArubaOS 6.1 user guide. To install a license: 1. Navigate to Configuration > Network > Controller and select the Licenses tab on the right hand side. 2. Paste the license key in the Add New License key text box and click Add. Create VIA User Roles To create VIA users roles: 1. Navigate to Configuration > Security > Access Control > User Roles.
  • 15. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 11 2. Click Add to create new policies. 3. Click Done after creating the user role and click Apply to save it to the configuration. Create VIA Authentication Profile To create an authentication profile to authenticate users against a server group: 1. Navigate to Configuration > Security > Authentication > L3 Authentication. 2. Under the Profiles section, expand the VIA Authentication Profile option. You can configure the following parameters for the authentication profile: Table 3 VIA - Authentication Profile Parameters Parameter Description Default Role The role that will be assigned to the authenticated users. Max Authentication Failures Specifies the maximum authentication failures allowed. The default is 0 (zero). Description A user friendly name or description for the authentication profile. 3. To create a new authentication profile: a. Enter a name for the new authentication profile under the VIA Authentication Profiles section and click Add. b. Expand the VIA Authentication Profiles option and select the new profile name. 4. To modify an authentication profile, select the profile name to configure the default role The following figure uses the default authentication profile. Figure 7 VIA - Associate User Role to VIA Authentication Profile 5. To use a different server group, Click Server Group under VIA Authentication Profile and select New to create a new server group. Figure 8 VIA - Creating a new server group for VIA authentication profile 6. Enter a name for the server group.
  • 16. 12 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Figure 9 VIA - Enter a name for the server group Create VIA Connection Profile To create VIA connection profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. Click the VIA Connection Profile option and enter a name for the connection profile. Figure 10 VIA - Create VIA Connection Profile 2. Click on the new VIA connection profile to configure the connection settings. You can configure the following options for a VIA connection profile. Table 4 VIA - Connection Profile Options Configuration Option Description VIA Servers Enter the following information about the VIA controller.  Hostname/IP Address: This is the public IP address or the DNS hostname of your VIA Server / controller. You can connect to this remote server using the IP address or the hostname.  Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belonging to this VIA server.  Description: This is a human-readable description of the VIA server. Click Add after entering all the details. If you have more than one VIA controller you can re-order them by clicking the Up and Down arrows. To delete a VIA server from the list, select a server and click Delete. VIA Authentication Profiles to provision This is the list of VIA authentication profiles displayed to users in the VIA client. See “Create VIA Authentication Profile” on page 11.  Select an authentication profile and click Add to add to the authentication profiles list.  Change the order of the list by clicking the Up and Down arrows, if required.  To delete an authentication profile, select a profile name and click Delete.
  • 17. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 13 Configure VIA Web Authentication To configure VIA web authentication profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. VIA tunneled networks Refers to a list of network destination (IP address and netmask) that the VIA client tunnels through the controller. All other network destinations are reachable directly by the VIA client.  Enter an IP address and network mask. Click Add to add them to the tunneled networks list.  To delete a network entry, select the IP address and click Delete. VIA IKE V2 Policy Refers to list of available IKEv2 policies. VIA IKE Policy Refers to list of IKE policies that the VIA Client has to use to connect to the controller. These IKE policies are configured under Configuration > Advanced Services > VPN Services > IPSEC > IKE Policies. Enable IKEv2 Enables the use of IKEv2 policies for VIA when selected. IKEv2 Authentication method. Refers to lists all IKEv2 authentication methods. VIA IPSec V2 Crypto Map Refers to lists all IPSec V2 that the VIA client uses to connect to the controller. VIA IPSec Crypto Map Refers to list of IPSec Crypto Map that the VIA client uses to connect to the controller. These IPSec Crypto Maps are configured in CLI using the crypto- local ipsec-map <ipsec-map-name> command. VIA Client Network Mask Refers to the network mask that must be set on the client after the VPN connection is established. Default: 255.255.255.255 VIA Client DNS Suffix List Refers to the DNS suffix list (comma separated) that must be set on the client once the VPN connection is established. Default: None. VIA Support E-mail Address Refers to the support e-mail address to which VIA users send client logs. Default: None. Client Auto-Login Enables VIA client to auto login and establishs a secure connection to the controller when selected. Default: Enabled Enable split-tunneling Enables split tunneling when selected.  If enabled, all traffic to the VIA tunneled networks (Step 3 in this table) will go through the controller and the rest is bridged directly on the client.  If disabled, traffic flows through the controller. Default: off Allow user to save passwords Enables users to save passwords entered in VIA when selected. Default: Enabled VIA max session timeout Refers to the maximum time (minutes) allowed before the VIA session is disconnected. Default: 1440 min Table 4 VIA - Connection Profile Options Configuration Option Description
  • 18. 14 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide 2. Expand VIA Web Authentication and click on default profile. You can have only one profile (default) for VIA web authentication. 3. Select a profile from VIA Authentication Profile drop-down list box and click Add.  To re-order profiles, click the Up and Down button.  To delete a profile, select a profile and click Delete. 4. If a profile is not selected, the default VIA authentication profile is used. Figure 11 VIA - Select VIA Authentication Profile Associate VIA Connection Profile to User Role To associate a VIA connection profile to a user role: 1. Navigate to Configuration > Security > Access Control > User Roles tab. 2. Select the VIA user role (See “Create VIA User Roles” on page 10) and click Edit. 3. In the Edit Role page, navigate to VIA Connection Profile and select the connection profile from the drop-down list box and click Change. 4. To save changes to the configuration, click Apply.
  • 19. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 15 Figure 12 VIA - Associate VIA Connection Profile to User Role Rebranding VIA and Uploading VIA Installers You can rebrand the VIA client and the VIA download page with your custom logo and HTML page. You can also upload latest versions of VIA installers. Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer Download VIA Installer and Version File To download the VIA installer and version file: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under VIA installers for various platforms section, click macviainstaller.pkg to download the installation file. Upload VIA Installer To upload a new VIA installer: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Upload new VIA Installers, browse and select the installer from your computer. Click Upload to upload the installer to the controller.
  • 20. 16 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Customize Logo To use a custom logo on the VIA download page and on the VIA client: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under the Customize Logo section, browse and select a logo from your computer. Click Upload to upload the image to the controller.  To use the default Aruba logo, click Reset. Customize the Landing Page for Web-based Login To use a custom landing page for VIA web login: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Customize Welcome HTML section, browse and select the HTML file from your computer. Click Upload to upload the image to the controller. The following variables are used in the custom HTML file: All variables in the custom HTML file have the following notation  <% user %>: this will display the username.  <% ip %>: this will display the IP address of the user.  <% role %>: this will be display the user role.  <% logo %>: this is the custom logo (Example: <img src="<% logo %>">)  <% logout %>: the logout link (Example: <a href="<% logout %>">VIA Web Logout</a>)  <% download %>: the installer download link (Example: <a href="<% download %>">Click here to download VIA</a>) To use the default welcome page, click Reset. 3. Click Apply to continue. Using CLI to Configure VIA The following steps illustrate configuring VIA using CLI. Install your Policy Enforcement Firewall Virtual Private Network (PEFV) license key. (host) (config)# license add <key> Create VIA Roles (host) (config) #user-role example-via-role (host) (config-role) #access-list session "allowall" position 1 (host) (config-role) #ipv6 session-acl "v6-allowall" position 2 Create VIA Authentication Profiles (host) (config) #aaa server-group "via-server-group" (host) (Server Group "via-server-group") #auth-server "Internal" position 1 (host) (Server Group "via-server-group") #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #default-role example-via-role The installer package should be a .arb file for the controller to accept the package. This is the installer package wrapped/signed with an Aruba signature. Commands that achieve specific task are described in this section. For detailed information on the VIA command line options, see the latest ArubaOS Command Reference Guide.
  • 21. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 17 (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group" Create VIA Connection Profiles (host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary Controller" position 0 (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #mac-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com Configure VIA Web Authentication (host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0 You can have only one profile (default) for VIA web authentication. Associate VIA Connection Profile to User Role (host) (config) #user-role "example-via-role" (host) (config-role) #via "via" Rebranding VIA and Uploading VIA Installers This step can only be performed using the WebUI. See “Rebranding VIA and Uploading VIA Installers” on page 15.
  • 22. 18 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide
  • 23. Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 19 Chapter 2 End User Instructions This section of the document provides end user instructions and information on using the VIA connection manager. This chapter includes the following topics:  “Pre-requisites” on page 19  “Downloading VIA” on page 19  “Installing VIA” on page 20  “Using VIA” on page 20  “Uninstalling VIA” on page 22  “Configruing Certificates ACL” on page 22 Pre-requisites Ensure that the system meets the following pre-requisites:  The systems running on the following versions of OS:  Apple Mac OSX Lion (10.7.x) version  Apple Mac OSX Mountain Lion (10.8.x) version  You have administrator privileges to install VIA.  The computer is connected to a wired or wireless network. Downloading VIA In a typical scenario, you will receive an e-mail from your local system administrator with details to download VIA from a URL (controllers public IP address). In this example, the users can download VIA setup files from https://via.bng.com/via after entering thier corporate credentials. VIA has been tested only with English-language versions of MacOSX. Technical support is not provided for non- English versions.
  • 24. 20 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Figure 14 Login to Download VIA Figure 15 Downloading VIA set up file after authentication Installing VIA Double-click the downloaded setup file macviainstaller.pkg to start the installation process. For information about the installation steps refer, “Installing the VIA Connection Manager” on page 5. Using VIA The VIA desktop application has the following options:  Connection Details Tab  Diagnostics Tab  Download and Clear Profile Button  Send Logs Button
  • 25. Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 21 Figure 16 VIA Connection Manager GUI Connection Details Tab This tab provides all required details about your remote connection. After a successful connection, you can see the assigned IP from your remote server, the profile used for the connection and other network related information.  Disconnect—Click this button to disconnect the current remote connection. You will have to manually connect for the next connection. VIA will not automatically start the connection.  Connection Profile—Click on the drop-down options to select an alternate connection profile. Diagnostic Tab Provides information on the sequence of events that happened during the recent connection. Download and Clear Profile Button Click this button to download the connection profiles over HTTPS when the VIA user chooses to download profiles or click this to clear the profile. This section also provides VIA details and other connection messages. This button switches between Clear Profile and Download Profile based on the profile you select in Connection Profile. If you have selected a profile in Connection Profile, this button reads as Clear Profile. If you have not selected a profile in Connection Profile, this button reads as Download Profile.
  • 26. 22 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Send Logs Button Click Send Logs to send the list of log files collected by VIA. To enable your support team to effectively resolve your VIA connection issues, it is mandatory that you send logs generated by VIA. Uninstalling VIA To uninstall VIA, execute the command sudo /usr/local/bin/macviauninstaller.sh in the Mac terminal. Configruing Certificates ACL The Certificate Key Access Control List (ACL) allows the VIA VPN Agent to use key from the keychain without requesting credentials. Certificate Key is used to sign the data while IKE communication. Perform the following steps to configure the certificate vpnagent ACL to the users using the Mac VIA client. 1. In Mac OS, select Applications > Utilities > Keychain Access. 2. In the left-pane, under Category select Certificates. 3. In the right-pane, select Users and double-click on the name of the user. 4. Click Access Control. 5. Select the option Confirm before allowing access. 6. Verify vpnagent is listed under Always allow access by these applications:. If vpnagent is not in the list, click + and select the folder /usr/libexec and select vpnagent. If the default Mailclient is configured, it opens an e-mail with a log file attached to it. If the default Mailclient is not configured, it opens an e-mail without the attachment and you must manually attach the log files to the e-mail.