SlideShare a Scribd company logo

Aruba VIA 2.0 (Mac) User Guide

Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

Aruba VIA 2.0 (Mac) User Guide

TechnologyTravel
1 of 26
Download to read offline
Aruba VIA 2.0 Mac Edition UserGuide
www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba VIA 2.0 Mac Edition | User Guide 0511257-01 | January 2013 Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.
Aruba VIA 2.0 Mac Edition | User Guide | 1 Contents About this Guide....................................................................................................................3 VIA Connection Manager.......................................................................................3 How it Works...................................................................................................3 Compatibility Matrix...............................................................................................4 Installing the VIA Connection Manager .................................................................5 Chapter 1 VIA Configuration.....................................................................................9 Before you Begin...................................................................................................9 Authentication Mechanisms for Aruba VIA 2.0 Mac Edition..................................9 IKEv1...............................................................................................................9 IKEv2...............................................................................................................9 Configuring VIA Settings......................................................................................10 Using ArubaOS WebUI to Configure VIA ......................................................10 Install PEFV license ................................................................................10 Create VIA User Roles ............................................................................10 Create VIA Authentication Profile ...........................................................11 Create VIA Connection Profile................................................................12 Configure VIA Web Authentication .........................................................13 Associate VIA Connection Profile to User Role......................................14 Rebranding VIA and Uploading VIA Installers ........................................15 Using CLI to Configure VIA ...........................................................................16 Create VIA Roles.....................................................................................16 Create VIA Authentication Profiles .........................................................16 Create VIA Connection Profiles ..............................................................17 Configure VIA Web Authentication .........................................................17 Associate VIA Connection Profile to User Role......................................17 Rebranding VIA and Uploading VIA Installers ........................................17 Chapter 2 End User Instructions............................................................................19 Pre-requisites ......................................................................................................19 Downloading VIA .................................................................................................19 Installing VIA ........................................................................................................20 Using VIA .............................................................................................................20 Connection Details Tab.................................................................................21 Diagnostic Tab ..............................................................................................21 Download and Clear Profile Button...............................................................21 Send Logs Button .........................................................................................22 Uninstalling VIA....................................................................................................22 Configruing Certificates ACL...............................................................................22
2 | Aruba VIA 2.0 Mac Edition | User Guide
Aruba VIA 2.0 Mac Edition | User Guide Figures | 1 Figures Figure 1 Welcome Page for Installation...............................................................................5 Figure 2 License Agreement................................................................................................5 Figure 3 License Agreement Prompt...................................................................................6 Figure 4 Standard Install......................................................................................................6 Figure 5 Install Success Page .............................................................................................6 Figure 6 Connection Details ................................................................................................7 Figure 7 VIA - Associate User Role to VIA Authentication Profile .....................................11 Figure 8 VIA - Creating a new server group for VIA authentication profile........................11 Figure 9 VIA - Enter a name for the server group..............................................................12 Figure 10 VIA - Create VIA Connection Profile ....................................................................12 Figure 11 VIA - Select VIA Authentication Profile ................................................................14 Figure 12 VIA - Associate VIA Connection Profile to User Role ..........................................15 Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer ...............15 Figure 14 Login to Download VIA........................................................................................20 Figure 15 Downloading VIA set up file after authentication.................................................20 Figure 16 VIA Connection Manager GUI .............................................................................21
2 | Figures Aruba VIA 2.0 Mac Edition | User Guide
Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 3 About this Guide Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the user’s network environment (trusted and un-trusted) and automatically connects the user to their enterprise network. Trusted networks typically refer to protected office networks that allow users to directly access corporate intranet. Un-trusted networks are public Wi-Fi hotspots such as airports, cafes, or home network. The VIA solution comes in two parts—VIA connection manager and the controller configuration.  VIA connection manager—Teleworkers and mobile users can easily install a light weight application on their computers running on MacOSX to connect to their enterprise network from remote locations (see “VIA Connection Manager” on page 3).  Controller configuration—To set up virtual intranet access for remote users, you must configure your controller with user roles, and authentication and connection profiles. You can use either the WebUI or CLI to configure your controller (see “VIA Configuration” on page 9). VIA requires the PEFV license and is supported on the M3, 3000 Series, and 600 Series controller. This chapter includes the following topics:  “VIA Connection Manager” on page 3  “Compatibility Matrix” on page 4  “Installing the VIA Connection Manager” on page 5  “Configuring VIA Settings” on page 10 VIA Connection Manager If a user is connected from a remote location that is outside of the enterprise network, VIA automatically detects the environment as un-trusted and creates a secure IPSec connection between the user and the enterprise network. When the user moves into the trusted network, VIA detects the network type and moves to idle state by dropping the IPSec connection. How it Works VIA provides a seamless connectivity experience to users when accessing an enterprise or corporate resource, for example workstation or server, from an un-trusted or trusted network connection. By default, VIA is launched automatically at system start and establishes a remote connection. Table 1 on page 3 explains the typical behavior: Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The client or user moves from a trusted to un-trusted environment. For example, from office to a public hot- spot. Auto-launches and establishes connection to remote network.
4 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Compatibility Matrix The following table shows the compatibility of VIA 2.0 for Mac. The client moves from an un-trusted to a trusted environment. Auto-launch and stay idle. VIA does not establish remote connection. You can, however, manually connect to a network by selecting an appropriate connection profile from the Settings tab. While in an un-trusted environment, user disconnects the remote connection. Disconnects gracefully. User moves to a trusted environment. Stays idle and does not connect. User moves to an un-trusted environment Stays idle and does not connect. This usually happens, if the user has in a previous occasion disconnected a secure connection by clicking the Disconnect button in VIA. Users can manually connect using one of the following methods: 1. Right-click on the VIA icon in the system tray and select the Restore option and then select the Connect option to connect using the default connection profile. 2. Right-click on the VIA icon in the system tray and select the Connect option. In an un-trusted environment, user restarts the system. Auto-launches and establishes remote connection. In an un-trusted environment, user shuts down the system. Moves to a trusted environment and restarts system. Auto-launches and stays idle. Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The events do not always occur in the order shown in the Table 1 on page 3. Table 2 VIA Compatibility Matrix ArubaOS Version Operating Systems Mac 10.7.X Mac 10.8.X ArubaOS 5.0.X Compatible Compatible ArubaOS 6.0.x Compatible Compatible ArubaOS 6.1.x Compatible Compatible ArubaOS 6.2.x Compatible Compatible
Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 5 Installing the VIA Connection Manager Users can download VIA from a URL provided by their local system administrators and install it on their computers. Alternatively, administrators can install VIA by using a system management software. Perform the following steps to install a VIA client on Apple MacOSX. Ensure that you have met the “Pre- requisites” on page 19 before proceeding with the installation. 1. Double-click the downloaded set up file macviainstaller.pkg to start the installation process. The Welcome page of the VIA Installation wizard appears.. Figure 1 Welcome Page for Installation 2. Click Continue. The License Agreement page appears. Figure 2 License Agreement 3. Click Continue. The License Agreement prompt appears. For information about the VIA Connection Manager and OS compatibility, see Chapter 2, “End User Instructions” on page 19.
6 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Figure 3 License Agreement Prompt 4. Click Agree. The Standard Install page appears. Figure 4 Standard Install 5. Click Install. After the successful installation, the page indicating successful installation appears. Figure 5 Install Success Page 6. Click Close to complete the installation. After the installation is complete, the connection details pop-up window appears.
Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 7 Figure 6 Connection Details 7. Enter the following details: a. Remote server URL—Obtain this URL from the system administrator. The administrator can also provision the URL on the controller. In such cases, provide the username and password. b. Username—Domain user name of the user. c. Password—Domain password of the user. 8. Click Connect to initiate a secure VIA connection.
8 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide
Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 9 Chapter 1 VIA Configuration The VPN settings must be configured before configuring VIA. For information on configuring VPN settings on your controller, see Virtual Private Networks chapter in the latest ArubaOS user guide . This chapter includes the following topics:  “Before you Begin” on page 9  “Authentication Mechanisms for Aruba VIA 2.0 Mac Edition” on page 9  “Configuring VIA Settings” on page 10 Before you Begin The following ports must be enabled before configuring the VIA controller.  TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and captive portal checks against the controller. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.  UDP 4500—Required for IPSec transport. Authentication Mechanisms for Aruba VIA 2.0 Mac Edition Authentication is performed using IKEv1 and IKEv2 methods. IKEv1 In IKEv1, phase 0 authentication, which authenticates the VPN client, can be performed using either a pre- shared key or an X.509 certificate (the X.509 certificate must appear in the operating system’s “user” certificate store.) If certificates are used for IKE phase 0 authentication, it must be followed by username and password authentication. The second authentication phase is performed using xAuth, which requires a username and password. The username and password is authenticated against the controller’s internal database, a RADIUS server, or an LDAP server. If a RADIUS server is used, it must support the PAP protocol. Support for two-factor authentication such as token cards is provided in VIA 2.0. Token product such as RSA tokens and other token cards are also supported. This includes support for new-pin and next-pin. IKEv2 IKEv2 is an updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 has only single phase authentication process. VIA supports the following IKEv2 authentication methods:  X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.  EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.
10 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Configuring VIA Settings The following steps are required to configure your controller for VIA. These steps are described in detail in the subsections that follow. 1. Install PEFV license—ArubaOS allows you to connect to the VIA controller using the default user roles. However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual Private Network (PEFV) license. 2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using VIA. You can configure different VIA roles or use the default VIA role—default-via- role. 3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA users. The server group contains the list of authentication servers and server rules to derive user roles based on the user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA authentication profile created with Internal server group 4. Create VIA Connection Profile— A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used. 5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login. 6. Associate VIA Connection Profile to User Role—A VIA connection profile must be associated to a user role. Users login by authenticating against the server group specified in the VIA authentication profile and are put into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that user role. The default VIA connection profile is used. 7. Rebranding VIA and Uploading VIA Installers—You can use a custom logo on the VIA client and on the VIA download web page. 8. Download VIA Installer and Version File— VIA installers are available at the Aruba support site and are uploaded to the controller or an external hosting server for download by the users. After the users login to the VIA download page, the controller presents the appropriate VIA image version file. Using ArubaOS WebUI to Configure VIA The following steps illustrate configuring your controller for VIA using the WebUI. Install PEFV license Install the PEFV license to configure and assign user roles. For more information on licenses, see Software Licenses chapter in the latest ArubaOS 6.1 user guide. To install a license: 1. Navigate to Configuration > Network > Controller and select the Licenses tab on the right hand side. 2. Paste the license key in the Add New License key text box and click Add. Create VIA User Roles To create VIA users roles: 1. Navigate to Configuration > Security > Access Control > User Roles.
Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 11 2. Click Add to create new policies. 3. Click Done after creating the user role and click Apply to save it to the configuration. Create VIA Authentication Profile To create an authentication profile to authenticate users against a server group: 1. Navigate to Configuration > Security > Authentication > L3 Authentication. 2. Under the Profiles section, expand the VIA Authentication Profile option. You can configure the following parameters for the authentication profile: Table 3 VIA - Authentication Profile Parameters Parameter Description Default Role The role that will be assigned to the authenticated users. Max Authentication Failures Specifies the maximum authentication failures allowed. The default is 0 (zero). Description A user friendly name or description for the authentication profile. 3. To create a new authentication profile: a. Enter a name for the new authentication profile under the VIA Authentication Profiles section and click Add. b. Expand the VIA Authentication Profiles option and select the new profile name. 4. To modify an authentication profile, select the profile name to configure the default role The following figure uses the default authentication profile. Figure 7 VIA - Associate User Role to VIA Authentication Profile 5. To use a different server group, Click Server Group under VIA Authentication Profile and select New to create a new server group. Figure 8 VIA - Creating a new server group for VIA authentication profile 6. Enter a name for the server group.
12 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Figure 9 VIA - Enter a name for the server group Create VIA Connection Profile To create VIA connection profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. Click the VIA Connection Profile option and enter a name for the connection profile. Figure 10 VIA - Create VIA Connection Profile 2. Click on the new VIA connection profile to configure the connection settings. You can configure the following options for a VIA connection profile. Table 4 VIA - Connection Profile Options Configuration Option Description VIA Servers Enter the following information about the VIA controller.  Hostname/IP Address: This is the public IP address or the DNS hostname of your VIA Server / controller. You can connect to this remote server using the IP address or the hostname.  Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belonging to this VIA server.  Description: This is a human-readable description of the VIA server. Click Add after entering all the details. If you have more than one VIA controller you can re-order them by clicking the Up and Down arrows. To delete a VIA server from the list, select a server and click Delete. VIA Authentication Profiles to provision This is the list of VIA authentication profiles displayed to users in the VIA client. See “Create VIA Authentication Profile” on page 11.  Select an authentication profile and click Add to add to the authentication profiles list.  Change the order of the list by clicking the Up and Down arrows, if required.  To delete an authentication profile, select a profile name and click Delete.
Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 13 Configure VIA Web Authentication To configure VIA web authentication profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. VIA tunneled networks Refers to a list of network destination (IP address and netmask) that the VIA client tunnels through the controller. All other network destinations are reachable directly by the VIA client.  Enter an IP address and network mask. Click Add to add them to the tunneled networks list.  To delete a network entry, select the IP address and click Delete. VIA IKE V2 Policy Refers to list of available IKEv2 policies. VIA IKE Policy Refers to list of IKE policies that the VIA Client has to use to connect to the controller. These IKE policies are configured under Configuration > Advanced Services > VPN Services > IPSEC > IKE Policies. Enable IKEv2 Enables the use of IKEv2 policies for VIA when selected. IKEv2 Authentication method. Refers to lists all IKEv2 authentication methods. VIA IPSec V2 Crypto Map Refers to lists all IPSec V2 that the VIA client uses to connect to the controller. VIA IPSec Crypto Map Refers to list of IPSec Crypto Map that the VIA client uses to connect to the controller. These IPSec Crypto Maps are configured in CLI using the crypto- local ipsec-map <ipsec-map-name> command. VIA Client Network Mask Refers to the network mask that must be set on the client after the VPN connection is established. Default: 255.255.255.255 VIA Client DNS Suffix List Refers to the DNS suffix list (comma separated) that must be set on the client once the VPN connection is established. Default: None. VIA Support E-mail Address Refers to the support e-mail address to which VIA users send client logs. Default: None. Client Auto-Login Enables VIA client to auto login and establishs a secure connection to the controller when selected. Default: Enabled Enable split-tunneling Enables split tunneling when selected.  If enabled, all traffic to the VIA tunneled networks (Step 3 in this table) will go through the controller and the rest is bridged directly on the client.  If disabled, traffic flows through the controller. Default: off Allow user to save passwords Enables users to save passwords entered in VIA when selected. Default: Enabled VIA max session timeout Refers to the maximum time (minutes) allowed before the VIA session is disconnected. Default: 1440 min Table 4 VIA - Connection Profile Options Configuration Option Description
14 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide 2. Expand VIA Web Authentication and click on default profile. You can have only one profile (default) for VIA web authentication. 3. Select a profile from VIA Authentication Profile drop-down list box and click Add.  To re-order profiles, click the Up and Down button.  To delete a profile, select a profile and click Delete. 4. If a profile is not selected, the default VIA authentication profile is used. Figure 11 VIA - Select VIA Authentication Profile Associate VIA Connection Profile to User Role To associate a VIA connection profile to a user role: 1. Navigate to Configuration > Security > Access Control > User Roles tab. 2. Select the VIA user role (See “Create VIA User Roles” on page 10) and click Edit. 3. In the Edit Role page, navigate to VIA Connection Profile and select the connection profile from the drop-down list box and click Change. 4. To save changes to the configuration, click Apply.
Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 15 Figure 12 VIA - Associate VIA Connection Profile to User Role Rebranding VIA and Uploading VIA Installers You can rebrand the VIA client and the VIA download page with your custom logo and HTML page. You can also upload latest versions of VIA installers. Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer Download VIA Installer and Version File To download the VIA installer and version file: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under VIA installers for various platforms section, click macviainstaller.pkg to download the installation file. Upload VIA Installer To upload a new VIA installer: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Upload new VIA Installers, browse and select the installer from your computer. Click Upload to upload the installer to the controller.
16 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Customize Logo To use a custom logo on the VIA download page and on the VIA client: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under the Customize Logo section, browse and select a logo from your computer. Click Upload to upload the image to the controller.  To use the default Aruba logo, click Reset. Customize the Landing Page for Web-based Login To use a custom landing page for VIA web login: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Customize Welcome HTML section, browse and select the HTML file from your computer. Click Upload to upload the image to the controller. The following variables are used in the custom HTML file: All variables in the custom HTML file have the following notation  <% user %>: this will display the username.  <% ip %>: this will display the IP address of the user.  <% role %>: this will be display the user role.  <% logo %>: this is the custom logo (Example: <img src="<% logo %>">)  <% logout %>: the logout link (Example: <a href="<% logout %>">VIA Web Logout</a>)  <% download %>: the installer download link (Example: <a href="<% download %>">Click here to download VIA</a>) To use the default welcome page, click Reset. 3. Click Apply to continue. Using CLI to Configure VIA The following steps illustrate configuring VIA using CLI. Install your Policy Enforcement Firewall Virtual Private Network (PEFV) license key. (host) (config)# license add <key> Create VIA Roles (host) (config) #user-role example-via-role (host) (config-role) #access-list session "allowall" position 1 (host) (config-role) #ipv6 session-acl "v6-allowall" position 2 Create VIA Authentication Profiles (host) (config) #aaa server-group "via-server-group" (host) (Server Group "via-server-group") #auth-server "Internal" position 1 (host) (Server Group "via-server-group") #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #default-role example-via-role The installer package should be a .arb file for the controller to accept the package. This is the installer package wrapped/signed with an Aruba signature. Commands that achieve specific task are described in this section. For detailed information on the VIA command line options, see the latest ArubaOS Command Reference Guide.
Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 17 (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group" Create VIA Connection Profiles (host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary Controller" position 0 (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #mac-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com Configure VIA Web Authentication (host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0 You can have only one profile (default) for VIA web authentication. Associate VIA Connection Profile to User Role (host) (config) #user-role "example-via-role" (host) (config-role) #via "via" Rebranding VIA and Uploading VIA Installers This step can only be performed using the WebUI. See “Rebranding VIA and Uploading VIA Installers” on page 15.
18 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide
Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 19 Chapter 2 End User Instructions This section of the document provides end user instructions and information on using the VIA connection manager. This chapter includes the following topics:  “Pre-requisites” on page 19  “Downloading VIA” on page 19  “Installing VIA” on page 20  “Using VIA” on page 20  “Uninstalling VIA” on page 22  “Configruing Certificates ACL” on page 22 Pre-requisites Ensure that the system meets the following pre-requisites:  The systems running on the following versions of OS:  Apple Mac OSX Lion (10.7.x) version  Apple Mac OSX Mountain Lion (10.8.x) version  You have administrator privileges to install VIA.  The computer is connected to a wired or wireless network. Downloading VIA In a typical scenario, you will receive an e-mail from your local system administrator with details to download VIA from a URL (controllers public IP address). In this example, the users can download VIA setup files from https://via.bng.com/via after entering thier corporate credentials. VIA has been tested only with English-language versions of MacOSX. Technical support is not provided for non- English versions.
20 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Figure 14 Login to Download VIA Figure 15 Downloading VIA set up file after authentication Installing VIA Double-click the downloaded setup file macviainstaller.pkg to start the installation process. For information about the installation steps refer, “Installing the VIA Connection Manager” on page 5. Using VIA The VIA desktop application has the following options:  Connection Details Tab  Diagnostics Tab  Download and Clear Profile Button  Send Logs Button
Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 21 Figure 16 VIA Connection Manager GUI Connection Details Tab This tab provides all required details about your remote connection. After a successful connection, you can see the assigned IP from your remote server, the profile used for the connection and other network related information.  Disconnect—Click this button to disconnect the current remote connection. You will have to manually connect for the next connection. VIA will not automatically start the connection.  Connection Profile—Click on the drop-down options to select an alternate connection profile. Diagnostic Tab Provides information on the sequence of events that happened during the recent connection. Download and Clear Profile Button Click this button to download the connection profiles over HTTPS when the VIA user chooses to download profiles or click this to clear the profile. This section also provides VIA details and other connection messages. This button switches between Clear Profile and Download Profile based on the profile you select in Connection Profile. If you have selected a profile in Connection Profile, this button reads as Clear Profile. If you have not selected a profile in Connection Profile, this button reads as Download Profile.
22 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Send Logs Button Click Send Logs to send the list of log files collected by VIA. To enable your support team to effectively resolve your VIA connection issues, it is mandatory that you send logs generated by VIA. Uninstalling VIA To uninstall VIA, execute the command sudo /usr/local/bin/macviauninstaller.sh in the Mac terminal. Configruing Certificates ACL The Certificate Key Access Control List (ACL) allows the VIA VPN Agent to use key from the keychain without requesting credentials. Certificate Key is used to sign the data while IKE communication. Perform the following steps to configure the certificate vpnagent ACL to the users using the Mac VIA client. 1. In Mac OS, select Applications > Utilities > Keychain Access. 2. In the left-pane, under Category select Certificates. 3. In the right-pane, select Users and double-click on the name of the user. 4. Click Access Control. 5. Select the option Confirm before allowing access. 6. Verify vpnagent is listed under Always allow access by these applications:. If vpnagent is not in the list, click + and select the folder /usr/libexec and select vpnagent. If the default Mailclient is configured, it opens an e-mail with a log file attached to it. If the default Mailclient is not configured, it opens an e-mail without the attachment and you must manually attach the log files to the e-mail.

Recommended

Dependable Software Development in Software Engineering SE18
Dependable Software Development in Software Engineering SE18Dependable Software Development in Software Engineering SE18
Dependable Software Development in Software Engineering SE18koolkampus
 
Introduction to Distributed Computing & Distributed Databases
Introduction to Distributed Computing & Distributed DatabasesIntroduction to Distributed Computing & Distributed Databases
Introduction to Distributed Computing & Distributed DatabasesShankar Iyer
 
New holland td90 tractor service repair manual
New holland td90 tractor service repair manualNew holland td90 tractor service repair manual
New holland td90 tractor service repair manualufjsjejkksemme
 
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...jksmemd eudkmmd
 
Vagrant
VagrantVagrant
VagrantEvans Ye
 
Accessibility with OutSystems
Accessibility with OutSystemsAccessibility with OutSystems
Accessibility with OutSystemsBruno Marcelino
 
Wiring diagram fm (euro5)
Wiring diagram fm (euro5)Wiring diagram fm (euro5)
Wiring diagram fm (euro5)Oleg Kur'yan
 
Building CRUD Wrappers
Building CRUD WrappersBuilding CRUD Wrappers
Building CRUD WrappersOutSystems
 

Recommended

Dependable Software Development in Software Engineering SE18
Dependable Software Development in Software Engineering SE18Dependable Software Development in Software Engineering SE18
Dependable Software Development in Software Engineering SE18koolkampus
 
Introduction to Distributed Computing & Distributed Databases
Introduction to Distributed Computing & Distributed DatabasesIntroduction to Distributed Computing & Distributed Databases
Introduction to Distributed Computing & Distributed DatabasesShankar Iyer
 
New holland td90 tractor service repair manual
New holland td90 tractor service repair manualNew holland td90 tractor service repair manual
New holland td90 tractor service repair manualufjsjejkksemme
 
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...
Perkins 2200 series 2206 f e13ta industrial engine (model pp3 engine)service ...jksmemd eudkmmd
 
Vagrant
VagrantVagrant
VagrantEvans Ye
 
Accessibility with OutSystems
Accessibility with OutSystemsAccessibility with OutSystems
Accessibility with OutSystemsBruno Marcelino
 
Wiring diagram fm (euro5)
Wiring diagram fm (euro5)Wiring diagram fm (euro5)
Wiring diagram fm (euro5)Oleg Kur'yan
 
Building CRUD Wrappers
Building CRUD WrappersBuilding CRUD Wrappers
Building CRUD WrappersOutSystems
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux EditionAruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux EditionAruba, a Hewlett Packard Enterprise company
 
Aruba OS 6.3 User Guide
Aruba OS 6.3 User GuideAruba OS 6.3 User Guide
Aruba OS 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
ClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release NotesClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release NotesAruba, a Hewlett Packard Enterprise company
 
Aruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
ArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start GuideArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start GuideAruba, a Hewlett Packard Enterprise company
 
Airwave 7.7.9 Release Notes
Airwave 7.7.9 Release NotesAirwave 7.7.9 Release Notes
Airwave 7.7.9 Release NotesAruba, a Hewlett Packard Enterprise company
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Aruba Activate User Guide
Aruba Activate User GuideAruba Activate User Guide
Aruba Activate User GuideAruba, a Hewlett Packard Enterprise company
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Aruba OS 6.4 User Guide
Aruba OS 6.4 User GuideAruba OS 6.4 User Guide
Aruba OS 6.4 User GuideAruba, a Hewlett Packard Enterprise company
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesAruba, a Hewlett Packard Enterprise company
 
ClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release NotesClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release NotesAruba, a Hewlett Packard Enterprise company
 
Virtual Intranet Access (VIA)
Virtual Intranet Access (VIA)Virtual Intranet Access (VIA)
Virtual Intranet Access (VIA)Aruba, a Hewlett Packard Enterprise company
 
Wm4 0 quickstartguideissue1
Wm4 0 quickstartguideissue1Wm4 0 quickstartguideissue1
Wm4 0 quickstartguideissue1Advantec Distribution
 

More Related Content

Viewers also liked

Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
 

Viewers also liked (20)

ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User Guide
 
Aruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User Guide
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guide
 
Aruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux EditionAruba VIA 2.0.1 User Guide Linux Edition
Aruba VIA 2.0.1 User Guide Linux Edition
 
Aruba OS 6.3 User Guide
Aruba OS 6.3 User GuideAruba OS 6.3 User Guide
Aruba OS 6.3 User Guide
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
 
ClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release NotesClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release Notes
 
Aruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference Guide
 
ArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start GuideArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start Guide
 
Airwave 7.7.9 Release Notes
Airwave 7.7.9 Release NotesAirwave 7.7.9 Release Notes
Airwave 7.7.9 Release Notes
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User Guide
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Aruba Activate User Guide
Aruba Activate User GuideAruba Activate User Guide
Aruba Activate User Guide
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peap
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference Guide
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
 
Aruba OS 6.4 User Guide
Aruba OS 6.4 User GuideAruba OS 6.4 User Guide
Aruba OS 6.4 User Guide
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release Notes
 
ClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release NotesClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release Notes
 

Similar to Aruba VIA 2.0 (Mac) User Guide

Microsoft Dynamics CRM - Connector Overview
Microsoft Dynamics CRM - Connector OverviewMicrosoft Dynamics CRM - Connector Overview
Microsoft Dynamics CRM - Connector OverviewMicrosoft Private Cloud
 
APM81SP1_RevA_Installation_Book
APM81SP1_RevA_Installation_BookAPM81SP1_RevA_Installation_Book
APM81SP1_RevA_Installation_BookDavid_Tickner
 
Netbackup intallation guide
Netbackup intallation guideNetbackup intallation guide
Netbackup intallation guiderajan981
 
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-Filter
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-FilterLoad-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-Filter
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-FilterLoadbalancer_org_Gmbh
 
Load-Balancing-Smoothwall-Web-Proxy-Deployment-Guide
Load-Balancing-Smoothwall-Web-Proxy-Deployment-GuideLoad-Balancing-Smoothwall-Web-Proxy-Deployment-Guide
Load-Balancing-Smoothwall-Web-Proxy-Deployment-GuideLoadbalancer_org_Gmbh
 
Ovm user's guide
Ovm user's guideOvm user's guide
Ovm user's guideconlee82
 
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdf
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdfCeragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdf
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdfjonatanmedeirosgomes1
 
Microsoft Dynamics CRM - Plug in User Guide
Microsoft Dynamics CRM - Plug in User GuideMicrosoft Dynamics CRM - Plug in User Guide
Microsoft Dynamics CRM - Plug in User GuideMicrosoft Private Cloud
 
inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1druva_slideshare
 
Load balancer-fuer-bloxx-content-filter-der-deployment-guide
Load balancer-fuer-bloxx-content-filter-der-deployment-guideLoad balancer-fuer-bloxx-content-filter-der-deployment-guide
Load balancer-fuer-bloxx-content-filter-der-deployment-guideLoadbalancer_org_Gmbh
 

Similar to Aruba VIA 2.0 (Mac) User Guide (20)

Virtual Intranet Access (VIA)
Virtual Intranet Access (VIA)Virtual Intranet Access (VIA)
Virtual Intranet Access (VIA)
 
Wm4 0 quickstartguideissue1
Wm4 0 quickstartguideissue1Wm4 0 quickstartguideissue1
Wm4 0 quickstartguideissue1
 
Microsoft Dynamics CRM - Connector Overview
Microsoft Dynamics CRM - Connector OverviewMicrosoft Dynamics CRM - Connector Overview
Microsoft Dynamics CRM - Connector Overview
 
SLM
SLMSLM
SLM
 
Config Guide Ip Sec
Config Guide Ip SecConfig Guide Ip Sec
Config Guide Ip Sec
 
APM81SP1_RevA_Installation_Book
APM81SP1_RevA_Installation_BookAPM81SP1_RevA_Installation_Book
APM81SP1_RevA_Installation_Book
 
Netbackup intallation guide
Netbackup intallation guideNetbackup intallation guide
Netbackup intallation guide
 
Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3
 
Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3
 
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-Filter
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-FilterLoad-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-Filter
Load-Balancer-Deployment-Guide-für-Smoothwall-Web-Proxy-Web-Filter
 
Load-Balancing-Smoothwall-Web-Proxy-Deployment-Guide
Load-Balancing-Smoothwall-Web-Proxy-Deployment-GuideLoad-Balancing-Smoothwall-Web-Proxy-Deployment-Guide
Load-Balancing-Smoothwall-Web-Proxy-Deployment-Guide
 
121ontapi
121ontapi121ontapi
121ontapi
 
Ovm user's guide
Ovm user's guideOvm user's guide
Ovm user's guide
 
Adf tutorial oracle
Adf tutorial oracleAdf tutorial oracle
Adf tutorial oracle
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdf
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdfCeragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdf
Ceragon_FibeAir_IP-20C_S_E_C8.0_User_Manual_Rev_C.01.pdf
 
Microsoft Dynamics CRM - Plug in User Guide
Microsoft Dynamics CRM - Plug in User GuideMicrosoft Dynamics CRM - Plug in User Guide
Microsoft Dynamics CRM - Plug in User Guide
 
inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1
 
Aruba instant 6.2.1.0 3.4 release notes
Aruba instant 6.2.1.0 3.4 release notesAruba instant 6.2.1.0 3.4 release notes
Aruba instant 6.2.1.0 3.4 release notes
 
Load balancer-fuer-bloxx-content-filter-der-deployment-guide
Load balancer-fuer-bloxx-content-filter-der-deployment-guideLoad balancer-fuer-bloxx-content-filter-der-deployment-guide
Load balancer-fuer-bloxx-content-filter-der-deployment-guide
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Aruba VIA 2.0 (Mac) User Guide

  • 1. Aruba VIA 2.0 Mac Edition UserGuide
  • 2. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba VIA 2.0 Mac Edition | User Guide 0511257-01 | January 2013 Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.
  • 3. Aruba VIA 2.0 Mac Edition | User Guide | 1 Contents About this Guide....................................................................................................................3 VIA Connection Manager.......................................................................................3 How it Works...................................................................................................3 Compatibility Matrix...............................................................................................4 Installing the VIA Connection Manager .................................................................5 Chapter 1 VIA Configuration.....................................................................................9 Before you Begin...................................................................................................9 Authentication Mechanisms for Aruba VIA 2.0 Mac Edition..................................9 IKEv1...............................................................................................................9 IKEv2...............................................................................................................9 Configuring VIA Settings......................................................................................10 Using ArubaOS WebUI to Configure VIA ......................................................10 Install PEFV license ................................................................................10 Create VIA User Roles ............................................................................10 Create VIA Authentication Profile ...........................................................11 Create VIA Connection Profile................................................................12 Configure VIA Web Authentication .........................................................13 Associate VIA Connection Profile to User Role......................................14 Rebranding VIA and Uploading VIA Installers ........................................15 Using CLI to Configure VIA ...........................................................................16 Create VIA Roles.....................................................................................16 Create VIA Authentication Profiles .........................................................16 Create VIA Connection Profiles ..............................................................17 Configure VIA Web Authentication .........................................................17 Associate VIA Connection Profile to User Role......................................17 Rebranding VIA and Uploading VIA Installers ........................................17 Chapter 2 End User Instructions............................................................................19 Pre-requisites ......................................................................................................19 Downloading VIA .................................................................................................19 Installing VIA ........................................................................................................20 Using VIA .............................................................................................................20 Connection Details Tab.................................................................................21 Diagnostic Tab ..............................................................................................21 Download and Clear Profile Button...............................................................21 Send Logs Button .........................................................................................22 Uninstalling VIA....................................................................................................22 Configruing Certificates ACL...............................................................................22
  • 4. 2 | Aruba VIA 2.0 Mac Edition | User Guide
  • 5. Aruba VIA 2.0 Mac Edition | User Guide Figures | 1 Figures Figure 1 Welcome Page for Installation...............................................................................5 Figure 2 License Agreement................................................................................................5 Figure 3 License Agreement Prompt...................................................................................6 Figure 4 Standard Install......................................................................................................6 Figure 5 Install Success Page .............................................................................................6 Figure 6 Connection Details ................................................................................................7 Figure 7 VIA - Associate User Role to VIA Authentication Profile .....................................11 Figure 8 VIA - Creating a new server group for VIA authentication profile........................11 Figure 9 VIA - Enter a name for the server group..............................................................12 Figure 10 VIA - Create VIA Connection Profile ....................................................................12 Figure 11 VIA - Select VIA Authentication Profile ................................................................14 Figure 12 VIA - Associate VIA Connection Profile to User Role ..........................................15 Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer ...............15 Figure 14 Login to Download VIA........................................................................................20 Figure 15 Downloading VIA set up file after authentication.................................................20 Figure 16 VIA Connection Manager GUI .............................................................................21
  • 6. 2 | Figures Aruba VIA 2.0 Mac Edition | User Guide
  • 7. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 3 About this Guide Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the user’s network environment (trusted and un-trusted) and automatically connects the user to their enterprise network. Trusted networks typically refer to protected office networks that allow users to directly access corporate intranet. Un-trusted networks are public Wi-Fi hotspots such as airports, cafes, or home network. The VIA solution comes in two parts—VIA connection manager and the controller configuration.  VIA connection manager—Teleworkers and mobile users can easily install a light weight application on their computers running on MacOSX to connect to their enterprise network from remote locations (see “VIA Connection Manager” on page 3).  Controller configuration—To set up virtual intranet access for remote users, you must configure your controller with user roles, and authentication and connection profiles. You can use either the WebUI or CLI to configure your controller (see “VIA Configuration” on page 9). VIA requires the PEFV license and is supported on the M3, 3000 Series, and 600 Series controller. This chapter includes the following topics:  “VIA Connection Manager” on page 3  “Compatibility Matrix” on page 4  “Installing the VIA Connection Manager” on page 5  “Configuring VIA Settings” on page 10 VIA Connection Manager If a user is connected from a remote location that is outside of the enterprise network, VIA automatically detects the environment as un-trusted and creates a secure IPSec connection between the user and the enterprise network. When the user moves into the trusted network, VIA detects the network type and moves to idle state by dropping the IPSec connection. How it Works VIA provides a seamless connectivity experience to users when accessing an enterprise or corporate resource, for example workstation or server, from an un-trusted or trusted network connection. By default, VIA is launched automatically at system start and establishes a remote connection. Table 1 on page 3 explains the typical behavior: Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The client or user moves from a trusted to un-trusted environment. For example, from office to a public hot- spot. Auto-launches and establishes connection to remote network.
  • 8. 4 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Compatibility Matrix The following table shows the compatibility of VIA 2.0 for Mac. The client moves from an un-trusted to a trusted environment. Auto-launch and stay idle. VIA does not establish remote connection. You can, however, manually connect to a network by selecting an appropriate connection profile from the Settings tab. While in an un-trusted environment, user disconnects the remote connection. Disconnects gracefully. User moves to a trusted environment. Stays idle and does not connect. User moves to an un-trusted environment Stays idle and does not connect. This usually happens, if the user has in a previous occasion disconnected a secure connection by clicking the Disconnect button in VIA. Users can manually connect using one of the following methods: 1. Right-click on the VIA icon in the system tray and select the Restore option and then select the Connect option to connect using the default connection profile. 2. Right-click on the VIA icon in the system tray and select the Connect option. In an un-trusted environment, user restarts the system. Auto-launches and establishes remote connection. In an un-trusted environment, user shuts down the system. Moves to a trusted environment and restarts system. Auto-launches and stays idle. Table 1 VIA Connectivity Behavior User action/environment VIA’s behavior The events do not always occur in the order shown in the Table 1 on page 3. Table 2 VIA Compatibility Matrix ArubaOS Version Operating Systems Mac 10.7.X Mac 10.8.X ArubaOS 5.0.X Compatible Compatible ArubaOS 6.0.x Compatible Compatible ArubaOS 6.1.x Compatible Compatible ArubaOS 6.2.x Compatible Compatible
  • 9. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 5 Installing the VIA Connection Manager Users can download VIA from a URL provided by their local system administrators and install it on their computers. Alternatively, administrators can install VIA by using a system management software. Perform the following steps to install a VIA client on Apple MacOSX. Ensure that you have met the “Pre- requisites” on page 19 before proceeding with the installation. 1. Double-click the downloaded set up file macviainstaller.pkg to start the installation process. The Welcome page of the VIA Installation wizard appears.. Figure 1 Welcome Page for Installation 2. Click Continue. The License Agreement page appears. Figure 2 License Agreement 3. Click Continue. The License Agreement prompt appears. For information about the VIA Connection Manager and OS compatibility, see Chapter 2, “End User Instructions” on page 19.
  • 10. 6 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide Figure 3 License Agreement Prompt 4. Click Agree. The Standard Install page appears. Figure 4 Standard Install 5. Click Install. After the successful installation, the page indicating successful installation appears. Figure 5 Install Success Page 6. Click Close to complete the installation. After the installation is complete, the connection details pop-up window appears.
  • 11. Aruba VIA 2.0 Mac Edition | User Guide About this Guide | 7 Figure 6 Connection Details 7. Enter the following details: a. Remote server URL—Obtain this URL from the system administrator. The administrator can also provision the URL on the controller. In such cases, provide the username and password. b. Username—Domain user name of the user. c. Password—Domain password of the user. 8. Click Connect to initiate a secure VIA connection.
  • 12. 8 | About this Guide Aruba VIA 2.0 Mac Edition | User Guide
  • 13. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 9 Chapter 1 VIA Configuration The VPN settings must be configured before configuring VIA. For information on configuring VPN settings on your controller, see Virtual Private Networks chapter in the latest ArubaOS user guide . This chapter includes the following topics:  “Before you Begin” on page 9  “Authentication Mechanisms for Aruba VIA 2.0 Mac Edition” on page 9  “Configuring VIA Settings” on page 10 Before you Begin The following ports must be enabled before configuring the VIA controller.  TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and captive portal checks against the controller. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.  UDP 4500—Required for IPSec transport. Authentication Mechanisms for Aruba VIA 2.0 Mac Edition Authentication is performed using IKEv1 and IKEv2 methods. IKEv1 In IKEv1, phase 0 authentication, which authenticates the VPN client, can be performed using either a pre- shared key or an X.509 certificate (the X.509 certificate must appear in the operating system’s “user” certificate store.) If certificates are used for IKE phase 0 authentication, it must be followed by username and password authentication. The second authentication phase is performed using xAuth, which requires a username and password. The username and password is authenticated against the controller’s internal database, a RADIUS server, or an LDAP server. If a RADIUS server is used, it must support the PAP protocol. Support for two-factor authentication such as token cards is provided in VIA 2.0. Token product such as RSA tokens and other token cards are also supported. This includes support for new-pin and next-pin. IKEv2 IKEv2 is an updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 has only single phase authentication process. VIA supports the following IKEv2 authentication methods:  X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.  EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.
  • 14. 10 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Configuring VIA Settings The following steps are required to configure your controller for VIA. These steps are described in detail in the subsections that follow. 1. Install PEFV license—ArubaOS allows you to connect to the VIA controller using the default user roles. However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual Private Network (PEFV) license. 2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using VIA. You can configure different VIA roles or use the default VIA role—default-via- role. 3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA users. The server group contains the list of authentication servers and server rules to derive user roles based on the user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA authentication profile created with Internal server group 4. Create VIA Connection Profile— A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used. 5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login. 6. Associate VIA Connection Profile to User Role—A VIA connection profile must be associated to a user role. Users login by authenticating against the server group specified in the VIA authentication profile and are put into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that user role. The default VIA connection profile is used. 7. Rebranding VIA and Uploading VIA Installers—You can use a custom logo on the VIA client and on the VIA download web page. 8. Download VIA Installer and Version File— VIA installers are available at the Aruba support site and are uploaded to the controller or an external hosting server for download by the users. After the users login to the VIA download page, the controller presents the appropriate VIA image version file. Using ArubaOS WebUI to Configure VIA The following steps illustrate configuring your controller for VIA using the WebUI. Install PEFV license Install the PEFV license to configure and assign user roles. For more information on licenses, see Software Licenses chapter in the latest ArubaOS 6.1 user guide. To install a license: 1. Navigate to Configuration > Network > Controller and select the Licenses tab on the right hand side. 2. Paste the license key in the Add New License key text box and click Add. Create VIA User Roles To create VIA users roles: 1. Navigate to Configuration > Security > Access Control > User Roles.
  • 15. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 11 2. Click Add to create new policies. 3. Click Done after creating the user role and click Apply to save it to the configuration. Create VIA Authentication Profile To create an authentication profile to authenticate users against a server group: 1. Navigate to Configuration > Security > Authentication > L3 Authentication. 2. Under the Profiles section, expand the VIA Authentication Profile option. You can configure the following parameters for the authentication profile: Table 3 VIA - Authentication Profile Parameters Parameter Description Default Role The role that will be assigned to the authenticated users. Max Authentication Failures Specifies the maximum authentication failures allowed. The default is 0 (zero). Description A user friendly name or description for the authentication profile. 3. To create a new authentication profile: a. Enter a name for the new authentication profile under the VIA Authentication Profiles section and click Add. b. Expand the VIA Authentication Profiles option and select the new profile name. 4. To modify an authentication profile, select the profile name to configure the default role The following figure uses the default authentication profile. Figure 7 VIA - Associate User Role to VIA Authentication Profile 5. To use a different server group, Click Server Group under VIA Authentication Profile and select New to create a new server group. Figure 8 VIA - Creating a new server group for VIA authentication profile 6. Enter a name for the server group.
  • 16. 12 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Figure 9 VIA - Enter a name for the server group Create VIA Connection Profile To create VIA connection profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. Click the VIA Connection Profile option and enter a name for the connection profile. Figure 10 VIA - Create VIA Connection Profile 2. Click on the new VIA connection profile to configure the connection settings. You can configure the following options for a VIA connection profile. Table 4 VIA - Connection Profile Options Configuration Option Description VIA Servers Enter the following information about the VIA controller.  Hostname/IP Address: This is the public IP address or the DNS hostname of your VIA Server / controller. You can connect to this remote server using the IP address or the hostname.  Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belonging to this VIA server.  Description: This is a human-readable description of the VIA server. Click Add after entering all the details. If you have more than one VIA controller you can re-order them by clicking the Up and Down arrows. To delete a VIA server from the list, select a server and click Delete. VIA Authentication Profiles to provision This is the list of VIA authentication profiles displayed to users in the VIA client. See “Create VIA Authentication Profile” on page 11.  Select an authentication profile and click Add to add to the authentication profiles list.  Change the order of the list by clicking the Up and Down arrows, if required.  To delete an authentication profile, select a profile name and click Delete.
  • 17. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 13 Configure VIA Web Authentication To configure VIA web authentication profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. VIA tunneled networks Refers to a list of network destination (IP address and netmask) that the VIA client tunnels through the controller. All other network destinations are reachable directly by the VIA client.  Enter an IP address and network mask. Click Add to add them to the tunneled networks list.  To delete a network entry, select the IP address and click Delete. VIA IKE V2 Policy Refers to list of available IKEv2 policies. VIA IKE Policy Refers to list of IKE policies that the VIA Client has to use to connect to the controller. These IKE policies are configured under Configuration > Advanced Services > VPN Services > IPSEC > IKE Policies. Enable IKEv2 Enables the use of IKEv2 policies for VIA when selected. IKEv2 Authentication method. Refers to lists all IKEv2 authentication methods. VIA IPSec V2 Crypto Map Refers to lists all IPSec V2 that the VIA client uses to connect to the controller. VIA IPSec Crypto Map Refers to list of IPSec Crypto Map that the VIA client uses to connect to the controller. These IPSec Crypto Maps are configured in CLI using the crypto- local ipsec-map <ipsec-map-name> command. VIA Client Network Mask Refers to the network mask that must be set on the client after the VPN connection is established. Default: 255.255.255.255 VIA Client DNS Suffix List Refers to the DNS suffix list (comma separated) that must be set on the client once the VPN connection is established. Default: None. VIA Support E-mail Address Refers to the support e-mail address to which VIA users send client logs. Default: None. Client Auto-Login Enables VIA client to auto login and establishs a secure connection to the controller when selected. Default: Enabled Enable split-tunneling Enables split tunneling when selected.  If enabled, all traffic to the VIA tunneled networks (Step 3 in this table) will go through the controller and the rest is bridged directly on the client.  If disabled, traffic flows through the controller. Default: off Allow user to save passwords Enables users to save passwords entered in VIA when selected. Default: Enabled VIA max session timeout Refers to the maximum time (minutes) allowed before the VIA session is disconnected. Default: 1440 min Table 4 VIA - Connection Profile Options Configuration Option Description
  • 18. 14 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide 2. Expand VIA Web Authentication and click on default profile. You can have only one profile (default) for VIA web authentication. 3. Select a profile from VIA Authentication Profile drop-down list box and click Add.  To re-order profiles, click the Up and Down button.  To delete a profile, select a profile and click Delete. 4. If a profile is not selected, the default VIA authentication profile is used. Figure 11 VIA - Select VIA Authentication Profile Associate VIA Connection Profile to User Role To associate a VIA connection profile to a user role: 1. Navigate to Configuration > Security > Access Control > User Roles tab. 2. Select the VIA user role (See “Create VIA User Roles” on page 10) and click Edit. 3. In the Edit Role page, navigate to VIA Connection Profile and select the connection profile from the drop-down list box and click Change. 4. To save changes to the configuration, click Apply.
  • 19. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 15 Figure 12 VIA - Associate VIA Connection Profile to User Role Rebranding VIA and Uploading VIA Installers You can rebrand the VIA client and the VIA download page with your custom logo and HTML page. You can also upload latest versions of VIA installers. Figure 13 VIA - Customize VIA logo, Landing Page, and download VIA Installer Download VIA Installer and Version File To download the VIA installer and version file: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under VIA installers for various platforms section, click macviainstaller.pkg to download the installation file. Upload VIA Installer To upload a new VIA installer: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Upload new VIA Installers, browse and select the installer from your computer. Click Upload to upload the installer to the controller.
  • 20. 16 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide Customize Logo To use a custom logo on the VIA download page and on the VIA client: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under the Customize Logo section, browse and select a logo from your computer. Click Upload to upload the image to the controller.  To use the default Aruba logo, click Reset. Customize the Landing Page for Web-based Login To use a custom landing page for VIA web login: 1. Navigate to Configuration > Advanced Services > VPN Services > VIA tab. 2. Under Customize Welcome HTML section, browse and select the HTML file from your computer. Click Upload to upload the image to the controller. The following variables are used in the custom HTML file: All variables in the custom HTML file have the following notation  <% user %>: this will display the username.  <% ip %>: this will display the IP address of the user.  <% role %>: this will be display the user role.  <% logo %>: this is the custom logo (Example: <img src="<% logo %>">)  <% logout %>: the logout link (Example: <a href="<% logout %>">VIA Web Logout</a>)  <% download %>: the installer download link (Example: <a href="<% download %>">Click here to download VIA</a>) To use the default welcome page, click Reset. 3. Click Apply to continue. Using CLI to Configure VIA The following steps illustrate configuring VIA using CLI. Install your Policy Enforcement Firewall Virtual Private Network (PEFV) license key. (host) (config)# license add <key> Create VIA Roles (host) (config) #user-role example-via-role (host) (config-role) #access-list session "allowall" position 1 (host) (config-role) #ipv6 session-acl "v6-allowall" position 2 Create VIA Authentication Profiles (host) (config) #aaa server-group "via-server-group" (host) (Server Group "via-server-group") #auth-server "Internal" position 1 (host) (Server Group "via-server-group") #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #default-role example-via-role The installer package should be a .arb file for the controller to accept the package. This is the installer package wrapped/signed with an Aruba signature. Commands that achieve specific task are described in this section. For detailed information on the VIA command line options, see the latest ArubaOS Command Reference Guide.
  • 21. Aruba VIA 2.0 Mac Edition | User Guide VIA Configuration | 17 (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group" Create VIA Connection Profiles (host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary Controller" position 0 (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #mac-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com Configure VIA Web Authentication (host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0 You can have only one profile (default) for VIA web authentication. Associate VIA Connection Profile to User Role (host) (config) #user-role "example-via-role" (host) (config-role) #via "via" Rebranding VIA and Uploading VIA Installers This step can only be performed using the WebUI. See “Rebranding VIA and Uploading VIA Installers” on page 15.
  • 22. 18 | VIA Configuration Aruba VIA 2.0 Mac Edition | User Guide
  • 23. Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 19 Chapter 2 End User Instructions This section of the document provides end user instructions and information on using the VIA connection manager. This chapter includes the following topics:  “Pre-requisites” on page 19  “Downloading VIA” on page 19  “Installing VIA” on page 20  “Using VIA” on page 20  “Uninstalling VIA” on page 22  “Configruing Certificates ACL” on page 22 Pre-requisites Ensure that the system meets the following pre-requisites:  The systems running on the following versions of OS:  Apple Mac OSX Lion (10.7.x) version  Apple Mac OSX Mountain Lion (10.8.x) version  You have administrator privileges to install VIA.  The computer is connected to a wired or wireless network. Downloading VIA In a typical scenario, you will receive an e-mail from your local system administrator with details to download VIA from a URL (controllers public IP address). In this example, the users can download VIA setup files from https://via.bng.com/via after entering thier corporate credentials. VIA has been tested only with English-language versions of MacOSX. Technical support is not provided for non- English versions.
  • 24. 20 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Figure 14 Login to Download VIA Figure 15 Downloading VIA set up file after authentication Installing VIA Double-click the downloaded setup file macviainstaller.pkg to start the installation process. For information about the installation steps refer, “Installing the VIA Connection Manager” on page 5. Using VIA The VIA desktop application has the following options:  Connection Details Tab  Diagnostics Tab  Download and Clear Profile Button  Send Logs Button
  • 25. Aruba VIA 2.0 Mac Edition | User Guide End User Instructions | 21 Figure 16 VIA Connection Manager GUI Connection Details Tab This tab provides all required details about your remote connection. After a successful connection, you can see the assigned IP from your remote server, the profile used for the connection and other network related information.  Disconnect—Click this button to disconnect the current remote connection. You will have to manually connect for the next connection. VIA will not automatically start the connection.  Connection Profile—Click on the drop-down options to select an alternate connection profile. Diagnostic Tab Provides information on the sequence of events that happened during the recent connection. Download and Clear Profile Button Click this button to download the connection profiles over HTTPS when the VIA user chooses to download profiles or click this to clear the profile. This section also provides VIA details and other connection messages. This button switches between Clear Profile and Download Profile based on the profile you select in Connection Profile. If you have selected a profile in Connection Profile, this button reads as Clear Profile. If you have not selected a profile in Connection Profile, this button reads as Download Profile.
  • 26. 22 | End User Instructions Aruba VIA 2.0 Mac Edition | User Guide Send Logs Button Click Send Logs to send the list of log files collected by VIA. To enable your support team to effectively resolve your VIA connection issues, it is mandatory that you send logs generated by VIA. Uninstalling VIA To uninstall VIA, execute the command sudo /usr/local/bin/macviauninstaller.sh in the Mac terminal. Configruing Certificates ACL The Certificate Key Access Control List (ACL) allows the VIA VPN Agent to use key from the keychain without requesting credentials. Certificate Key is used to sign the data while IKE communication. Perform the following steps to configure the certificate vpnagent ACL to the users using the Mac VIA client. 1. In Mac OS, select Applications > Utilities > Keychain Access. 2. In the left-pane, under Category select Certificates. 3. In the right-pane, select Users and double-click on the name of the user. 4. Click Access Control. 5. Select the option Confirm before allowing access. 6. Verify vpnagent is listed under Always allow access by these applications:. If vpnagent is not in the list, click + and select the folder /usr/libexec and select vpnagent. If the default Mailclient is configured, it opens an e-mail with a log file attached to it. If the default Mailclient is not configured, it opens an e-mail without the attachment and you must manually attach the log files to the e-mail.