Mobility users on company Wi-Fi

Mar 25, 2015 05:56 AM PDT
Tudor Adrian Negru
FCS Cumarasaid Teo (T/A FCS Global)
Hi guys,

I've a SMR configured on our HQ site and I can successfully provision a phone from a remote Wi-Fi connection or a 3G/4G one but cannot seem to manage to get the Mobility Client registered when the user is on the local corporate Wi-Fi at HQ.

If I look at the connection messages I can see some messages coming up like "Secure tunnel could not be established. SSL Connection Error. Local error or TLS connection failed".

I'm guessing it might be something to do with the Certificates configured under the SMR itself for Local and Remote Access.

- I have the Local Access one using a FQDN that points to the eth0 interface and an Alternative name corresponding to the eth0 IP address
- I have the Remote Access one using the public FQDN of our company that points to the NAT IP of the eth1 interface and an Alternative name corresponding to the eth1 public IP address

What could I be missing?

Mar 25, 2015 09:10 AM PDT
Tudor Adrian Negru
FCS Cumarasaid Teo (T/A FCS Global)
Hmmm... managed to solve this one, although with a bit of a workaround; added a static route to the ETH0 IP address using the ETH1 address as a next-hop on my router.

Sep 02, 2015 09:05 AM PDT
Ari Piotrkowski
City of Santa Rosa
Does your local corporate Wi-Fi sit on a different network/VLAN, or do you use NAC on your internal wireless network? We do both and found that we need to open all TCP/UDP traffic from our internal Wi-Fi network to the SMR's eth0 interface IP address. It doesn't tunnel over 443 when you are internal.
