User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

681

682

683

684

685

686

687

688

689

690

682 | Virtual Intranet Access Dell Networking W-Series ArubaOS 6.4.x| User Guide

ArubaOS Version

Microsoft

Windows (32/64

bit)

XP (32-bit only)

Vista

Windows 7/8/8.1

Mac OS

10.7, 10.8,

10.9

Apple iOS

4.x, 5.x,

6.x, 7.x

Android

4.0, 4.1,

4.2, 4.3,

4.4

Linux (32/64

bit)

Ubuntu

12.04

RHEL 6

CentOS 6

2.2.x.x

ArubaOS 6.3.x 2.0.x.x, 2.1.x.x 2.0.x 2.0.x, 2.1.x 2.1.x.x,

2.2.x.x

2.0.x

ArubaOS 6.4.x 2.0.x.x, 2.1.x.x 2.0.x 2.0.x, 2.1.x 2.1.x.x,

2.2.x.x

2.0.x

Table 128: VIA Compatibility Matrix

Configuring the VIA Controller

VIA configuration requires that you first configure VPN settings and then configure VIA settings. See Virtual

Private Networks on page 337 for information on configuring VPN settings on your controller.

Before you Begin

The following ports must be enabled before configuring the VIA controller.

l TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and

captive portal checks against the controller. It is mandatory that you enable port 443 on your network to

allow VIA to perform these checks.

l UDP 4500—Required for IPSec transport

l UDP 500—Required for VIA 1.0 on Mac OS

Supported Authentication Mechanisms

VIA 1.x and VIA 2.x support different authentication mechanisms:

Authentication mechanisms supported in VIA 1.x

Authentication is performed using IKEv1 only. Phase 0 authentication, which authenticates the VPN client, can

be performed using either a pre-shared key or an X.509 certificate (the X.509 certificate must appear in the

operating system’s “user” certificate store.). If certificates are used for IKE phase 0 authentication, it must be

followed by username/password authentication.

The second authentication phase is performed using xAuth, which requires a username and password. The

username and password is authenticated against the controller’s internal database, a RADIUS server, or an

LDAP server. If a RADIUS server is used, it must support the PAP or MSCHAPv2 protocol. By default, PAP

protocol is enabled for RADIUS authentication.

Support for two-factor authentication such as token cards is provided in VIA 1.x. Token product like RSA

tokens and other token cards are also supported. This includes support for new-pin and next-pin.

Authentication mechanisms supported in VIA 2.x

In addition to the authentication methods supported by VIA 1.x, VIA 2.x adds support for IKEv2. IKEv2 is an

updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 does not

have two phases of authentication, only a single phase. VIA supports the following with IKEv2: