Aruba VPN Access with Posture Checks Service Template

The Aruba VPN Access with Posture Checks service template authenticates Aruba VPN clients connecting remotely to the corporate network, with differentiated access based on the results of posture checks.

This service template does the following:

Configures an Active Directory authentication source.

Joins this node to the Active Directory domain.

Creates an enforcement policy for Active Directory-based attributes.

Creates a Network Access Device (NAD) in Policy Manager.

To configure the Aruba VPN Access with Posture Checks service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. Select Aruba VPN Access with Posture Checks.

Figure 1  Aruba VPN Access with Posture Checks Service Template

3. Specify the Aruba VPN Access with Posture Checks service template General tab parameters as described in the following table:

Table 1: General Tab: Aruba VPN Access with Posture Checks

| Parameter | Action/Description |
|---|---|
| General | |
| Select Prefix | Select a prefix from the existing list of prefixes. This populates the preconfigured information in the Authentication, Aruba Wireless Controller for VPN Settings, and Aruba User Roles for different access privileges sections. The Name Prefix field is not editable. |
| Name Prefix | Enter a prefix that you want to append to services using this template. Use this to identify services that use this template. |

Authentication Tab

Figure 2  Authentication Tab: Aruba VPN Access with Posture Checks

4. Specify the Aruba VPN Access with Posture Checks service template Authentication tab parameters as described in the following table:

Table 2: Authentication Tab: Aruba VPN Access with Posture Checks

| Parameter | Action/Description |
|---|---|
| Authentication | |
| Select Authentication Source | You can either create a new Active Directory or select one of the default authentication sources from the list: Admin User Repository, Denylist Repository, Endpoints Repository, Guest Device Repository, Guest User Repository, Insight Repository, Local User Repository, Zone Cache Repository, Onboard Devices Repository, Social Login Repository, Time Source. |
| To create a new Active Directory: | |
| Active Directory Name | Enter the Active Directory name. |
| Description | Enter a description that helps you to identify the characteristics of this template. |
| Server | Enter the host name or the IP address of the Active Directory server. |
| Port | Enter the TCP port on which the server is listening for a connection. |
| Identity | Enter the Distinguished Name (DN) of the administrator account. |
| Password | Enter the account password. |
| NetBIOS | Enter the server Active Directory domain name. |
| Base DN | Enter the Distinguished Name (DN) of the node in the directory tree from which you wish to start searching for records. |

5. Click Next.

Aruba Wireless Controller for VPN Access Tab

6. Select a wireless controller for VPN access from the drop-down list, or create a new controller.

Figure 3  Aruba Wireless Controller for VPN Access Tab: Aruba VPN Access with Posture Checks

7. Specify the Aruba VPN Access with Posture Checks service template Aruba Wireless Controller for VPN Access tab parameters as described in the following table:

Table 3: Aruba Wireless Controller for VPN Access Tab: Aruba VPN Access with Posture Checks

| Parameter | Action/Description |
|---|---|
| Select Wireless Controller | If you select a controller from the drop-down list, the rest of the fields in this configuration dialog are automatically populated. |
| Wireless Controller Name | To create a new controller in Policy Manager, enter the name of the mobility controller. |
| Controller IP Address | Enter the IP address or subnet address of the mobility controller. |
| Vendor Name | From the drop-down, select the manufacturer of the controller. |
| RADIUS Shared Secret | To send and receive RADIUS requests, enter the shared secret that is configured on the controller and in Policy Manager. NOTE: Make sure that the value of the Key parameter for the RADIUS server configured on the mobility controller is identical to the RADIUS Shared Secret you specify here for the current Policy Manager server. |
| Enable RADIUS Dynamic Authorization | To enable RADIUS Dynamic Authorization on the mobility controller, select the check box. This parameter is enabled by default. |
| Dynamic Authorization Port | If RADIUS Dynamic Authorization is enabled, the default port is 3799. NOTE: Change this value only if you defined a custom port on the mobility controller. |
| Enable RadSec | To enable RadSec, click the Enable RadSec check box. When RadSec is enabled, the RADIUS shared secret is populated with a default shared secret named "radsec". NOTE: It is important that the controller is configured with the same shared secret. |
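As an added example that is not part of this document or of Policy Manager, the following Python builds and verifies a RADIUS CoA-Request of the kind Dynamic Authorization sends to port 3799 (RFC 5176), showing why the Key on the controller must be identical to the shared secret entered above: the user name, role name and secret are constructed sample values, and the Aruba-User-Role vendor attribute (vendor id 14823, vendor type 1) is assumed from the public Aruba RADIUS dictionary.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43         # RFC 5176 CoA-Request packet code
COA_PORT = 3799          # default Dynamic Authorization port from Table 3
ARUBA_VENDOR_ID = 14823  # assumed Aruba vendor id; Aruba-User-Role is vendor type 1

def _avp(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: Type, Length (including header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def _split_attrs(attrs: bytes):
    """Walk a RADIUS attribute list into (type, value) pairs."""
    i, out = 0, []
    while i < len(attrs):
        t, l = attrs[i], attrs[i + 1]
        out.append((t, attrs[i + 2:i + l]))
        i += l
    return out

def build_coa_request(secret: bytes, user: str, role: str, ident: int = 1) -> bytes:
    """Build a CoA-Request moving `user` into `role`, signed with `secret`."""
    vsa = struct.pack("!I", ARUBA_VENDOR_ID) + _avp(1, role.encode())
    attrs = _avp(1, user.encode()) + _avp(26, vsa) + _avp(80, bytes(16))
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    # Message-Authenticator: HMAC-MD5 over the packet with the Request
    # Authenticator and its own value zeroed (RFC 5176 / RFC 3579).
    ma = hmac.new(secret, header + bytes(16) + attrs, hashlib.md5).digest()
    attrs = attrs[:-16] + ma
    # Request Authenticator: MD5(Code + ID + Length + 16 zero octets +
    # Attributes + Secret), which lets the NAD check the sender knows the Key.
    req_auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + req_auth + attrs

def verify_coa_request(secret: bytes, packet: bytes) -> bool:
    """What the NAD does on receipt: recompute both authenticators with its
    locally configured Key. A mismatched Key makes the checks fail."""
    header, req_auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    if not hmac.compare_digest(expected, req_auth):
        return False
    parsed = _split_attrs(attrs)
    ma = next((v for t, v in parsed if t == 80), None)
    if ma is None:
        return False
    zeroed = b"".join(_avp(t, bytes(16) if t == 80 else v) for t, v in parsed)
    expected_ma = hmac.new(secret, header + bytes(16) + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected_ma, ma)
```

A request signed with one secret fails verification under any other, which is the failure you see when the controller Key and the Policy Manager shared secret drift apart.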

8. Click Next.

Aruba User Roles for Different Access Privileges Tab

This tab creates an enforcement policy for Active Directory-based attributes.

Figure 4  Aruba User Roles for Different Access Privileges Tab: Aruba VPN Access with Posture Checks

9. Specify the Aruba VPN Access with Posture Checks service template Aruba User Roles for Different Access Privileges tab parameters as described in the following table:

Table 4: Aruba User Roles for Different Access Privileges Tab: Aruba VPN Access with Posture Checks

| Parameter | Action/Description |
|---|---|
| Initial Role (before posture checks) | Enter the initial role of the client before posture checks are performed. |
| Quarantined Role (failed posture checks) | Enter the role of clients that fail posture checks. |
| Healthy Role (passed posture checks) | Enter the role of the client after a posture check is passed and the client is deemed healthy. |

10. Click Add Service.