You are here: Home > CLI Commands > Just_CLI_Topics > aaa authentication via connection-profile

aaa authentication via connection-profile

aaa authentication via connection-profile <profile>

admin-logoff-script

admin-logon-script

allow-user-disconnect

allow-whitelist-traffic

auth-profile

auth_domain_suffix

auto-launch-supplicant

auto-login

auto-upgrade

banner-message-reappear-timeout <mins>

block-dest-traffic

block-destination-traffic-selector

certificate-criteria

client-logging

client-netmask

client-wlan-profile <client-wlan-profile> position <position>

clone <source>

controllers-load-balance

csec-gateway-url <URL>

csec-http-ports <comma separated port numbers>

dn-profile

dns-suffix-list <dns-suffix-list>

domain-pre-connect

DPC-generate-profile

enable-csec

enable-fips

enable-supplicant

ext-download-url <ext-download-url>

ike-policy <ike-policy>

ikev2-policy

ikev2-proto

ikev2auth

ipsec-cryptomap map <map> number <number>

ipsecv2-cryptomap

l2-forwarding

lockdown-all-settings

max-reconnect-attempts <max-reconnect-attempts>

max-timeout <value>

minimized

no

ocsp-responder

save-passwords

server

split-tunneling

suiteb-crypto

support-email

tos-dscp {0-63}

tunnel

user-idle-timeout

validate-server-cert

whitelist

windows-credentials

Description

This command configures the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile.

Syntax

Parameter

Description

Default

admin-logoff-script

Enables VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. logoff script.

Disabled

admin-logon-script

Enables VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. logon script.

Disabled

allow-user-disconnect

Enable or disable users to disconnect their VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. sessions.

Enabled

allow-whitelist-traffic

If enabled, this feature will block network access until the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. connection is established.

Disabled

auth-profile <auth-profile>

This is the list of VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. authentication profiles that will be displayed to users in the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client.

auth_domain_suffix

Enables a domain suffix on VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Authentication, so client credentials are sent as domainname\username instead of just username.

auto-launch-supplicant

Allows you to connect automatically to a configured WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. network.

Disabled

auto-login

Enable or disable VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client to auto login and establish a secure connection to the managed device.

Enabled

auto-upgrade

Enable or disable VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client to automatically upgrade when an updated version of the client is available on the managed device.

Enabled

banner-message-reappear-timeout

Timeout value, in minutes, after which the user session will end and the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Login banner message reappears.

1440 minutes

block-destination-traffic-selector-ON

Turn ON feature to block Destination Traffic .

block-dest-traffic-address

Destination Traffic selector.

certificate-criteria

Allows admin users to filter the certificates that can be used to establish the IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. connection when a user certificate or EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. is used as the authentication method. Use the following certificate attributes or OIDs to set the certificate criteria:

commonName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 2.5.4.3)

organizationalUnitName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 2.5.4.11)

organizationName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 2.5.4.10)

subjectAltName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 2.5.29.17)

certificateIssuer (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 2.5.29.29)

userPrincipalName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 1.3.6.1.4.1.311.20.2.3)

emailAddress (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 1.2.840.113549.1.9.1)

friendlyName (OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. 1.2.840.113549.1.9.20)

The maximum length is 256 characters. Each attribute or OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. must be separated by a semicolon. If an attribute or OIDObject Identifier. An OID is an identifier used to name an object. The OIDs represent nodes or managed objects in a MIB hierarchy. The OIDs are designated by text strings and integer sequences and are formally defined as per the ASN.1 standard. contains any spaces, the entire string must be enclosed in quotation marks.

client-logging

Enable or disable VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client to auto login and establish a secure connection to the managed device.

Enabled

client-netmask <client-netmask>

The network mask that has to be set on the client after the VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. connection is established.

255.255.255.255

client-wlan-profile <client-wlan-profile>

A list of VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. profiles that needs to be pushed to the client machines that use Windows Zero Config to configure or manage their wireless networks.

clone <source>

Create a copy of connection profile from an another VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile.

controllers-load-balance

Enable this option to allow the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client to failover to the next available selected randomly from the list as configured in the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Servers option. If disabled, VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. will failover to the next in the sequence of ordered list of VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. servers.

Disabled

csec-gateway-url

Specify the content security service providers URLUniform Resource Locator. URL is a global address used for locating web resources on the Internet. here. You must provide a FQDNFully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet..

csec-http-ports

Specify the ports (separated by comma) that will be monitored by the content security service provider. Do not add space before or after the comma.

dn-profile

CN | ORG | OU | Country

Configure VIA dn profile.

dns-suffix-list <dns-suffix-list>

The DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. suffix list (comma separated) that has be set on the client once the VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. connection is established.

None

domain-preconnect

Enable this option to allow users with lost or expired passwords to establish a VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection to corporate network. This option authenticates the user’s device and establishes a VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection that allows users to reset credentials and continue with corporate access.

Enabled

dpc-generate-profile

Optionally enable generating common profile in DPC is enabled.

enable-csec

Use this option to enable the content security service.

enable-fips

Enable the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. module so VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. checks for FIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. compliance during startup.

Disabled

enable-supplicant

If enabled, VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. starts in bSec mode using L2 suite-b cryptography. This option is disabled by default.

Disabled

ext-download-url <ext-download-url>

End users will use this URLUniform Resource Locator. URL is a global address used for locating web resources on the Internet. to download VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. on their computers.

ike-policy <ike-policy>

List of IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. policies that the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Client has to use to connect to the managed device.

ikev2-policy

List of IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. V2 policies that the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Client has to use to connect to the managed device.

ikev2-proto

Enable this to use IKEv2Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. protocol to establish VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. sessions.

Disabled

ikev2auth

Use this option to set the IKEv2Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. authentication method. By default user certificate is used for authentication. The other supported methods are EAP-MSCHAPv2EAP Microsoft Challenge Handshake Authentication Protocol Version 2. , EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216.. The EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  authentication is done on an external RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

User Certificates

ipsec-cryptomap

List of IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. crypto maps that the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client uses to connect to the managed device. These IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. Crypto Maps are configured in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. using the crypto-local ipsec-map <ipsec-map-name> command.

ipsecv2-cryptomap

List of IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. V2 crypto maps that the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client uses to connect to the managed device.

l2-forwarding

Enable this option to forward Layer-2 GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel.

lockdown-all-settings

Allows you to lock down all user-configured settings.

Disabled

max-reconnect-attempts <max-reconnect-attempts>

The maximum number of re-connection attempts by the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client due to authentication failures.

3

max-timeout value <value>

The maximum time (minutes) allowed before the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. session is disconnected.

1440 min

minimized

Use this option to keep the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client on a Microsoft Windows operating system minimized to system tray.

ocsp-responder

OSCP Cert Verification.

enable

Enable or disable OCSPOnline Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. Cert verification.

fallback

Action taken when OCSPOnline Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. Cert verification result is unknown.

save-passwords

Enable or disable users to save passwords entered in VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network..

Enabled

server

Configure VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. servers.

addr <addr>

This is the public IP address or the DNSDomain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. hostname of the managed device connected to VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. . Users will connect to remote server using this IP address or the host name.

<internal-ip <internal-ip>

This is the IP address of any of the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface IP addresses belongs to this managed device.

desc <description>

This is a human-readable description of the managed device.

split-tunneling

Enable or disable split tunneling.

If enabled, all traffic to the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. tunneled networks will go through the managed device and the rest is just bridged directly on the client.

If disabled, all traffic will flow through the managed device.

off

suiteb-crypto

Use this option to enable Suite-B cryptography. See RFCRequest For Comments. RFC is a commonly used format for the Internet standards documentss. 4869 for more information about Suite-B cryptography.

Disabled

support-email

The support e-mail address to which VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. users will send client logs.

None

tos-dscp {0-63}

Use this to mark IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. packets with higher QoSQuality of Service. It refers to the capability of a network to provide better service and performance to a specific network traffic over various technologies./DSCPDifferentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. than Best Effort. The range is 0–63.

0

tunnel address <address>

A list of network destination (IP address and netmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses.) that the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client will tunnel through the managed device. All other network destinations will be reachable directly by the VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. client. Enter tunneled IP address and its netmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses..

address <address>

netmask <netmask>

user-idle-timeout

The user idle timeout for this profile. Specify the idle timeout value for the client in seconds. Valid range is 30-15300 in multiples of 30 seconds. Enabling this option overrides the global settings configured in the AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. timers. If this is disabled, the global settings are used.

Disabled

validate-server-cert

Enable or disable VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. from validating the server certificate presented by the managed device.

Enabled

whitelist addr

Specify a hostname or IP address and network mask to define a whitelist of users allowed to access the network if the allow-whitelist-traffic option is enabled.

NOTE: The maximum number of entries allowed is 16.

addr <addr>

Host name of IP address of a client

netmask <netmask>

NetmaskNetmask is a 32-bit mask used for segregating IP address into subnets. Netmask defines the class and range of IP addresses., in dotted decimal format

description <description>

(Optional) description of the client

windows-credentials

Enable or disable the use of the Windows credentials to login to VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network.. If enabled, the SSOSingle Sign-On. SSO is an access-control property that allows the users to log in once to access multiple related, but independent applications or systems to which they have privileges. The process authenticates the user across all allowed resources during their session, eliminating additional login prompts. feature can be utilized by remote users to connect to internal resources.

Enabled

Usage Guidelines

Issue this command to create a VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile. A VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile contains settings required by VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. to establish a secure connection to the managed device. You can configure multiple VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profiles. A VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile to a user role, the default connection profile is used.

Example

The following example shows a simple VIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. connection profile:

(host) [md] (config) #aaa authentication via connection-profile "via"

(host) [md] (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary" position 0

(host) [md] (VIA Connection Profile "via") #auth-profile "default" position 0

(host) [md] (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0

(host) [md] (VIA Connection Profile "via") #split-tunneling

(host) [md] (VIA Connection Profile "via") #windows-credentials

(host) [md] (VIA Connection Profile "via") #client-netmask 255.0.0.0

(host) [md] (VIA Connection Profile "via") #dns-suffix-list mycorp.com

(host) [md] (VIA Connection Profile "via") #dns-suffix-list example.com

(host) [md] (VIA Connection Profile "via") #support-email via-support@example.com

(host) [md] (VIA Connection Profile "via") #certificate-criteria certificateIssuer="HPE Root CA"; 2.5.4.10=SmartCard; emailAddress=support@example.com

To configure the tos-dscp parameter in the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., use the following commands in the managed device node:

(host) [mynode] (config) #aaa authentication via connection-profile <profile-name>

(host) [mynode] (VIA Connection Profile "<profile-name>") #tos-dscp <0-63>

Command History

Release

Modification

ArubaOS 8.4.0.0

The l2-forwarding parameter was introduced.

ArubaOS 8.3.0.0

The tos-dscp parameter was introduced.

ArubaOS 8.1.0.0

The certificate-criteria parameter was introduced.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/