NAC 4.1.3

Hello friends,

I installed a new NAC 4.1.3. When users connect, they get the certificate popup and have to press the YES button. I generated the certificate on the Manager and the Server according to the user's guide.

Where am I missing something? I think it is something in the certificate. Until when will the certificate that I generated be valid?

Thank you

Hi Estela,

4.1.3 uses Perfigo-signed certs, and it is a matter of importing the Perfigo root certificates on your PC to get rid of this error popup. You may need to find ways, such as Windows GPOs, to automate this task. But given that the Perfigo CA is a non-standard certificate authority, it is recommended to buy a cert from a 3rd-party CA such as Verisign, GoDaddy etc. and install on the heap. Most / all PCs will have this CA cert installed by default and they see this popup error also.

Thank you

Mani
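
The diagnosis in this answer, reproduced offline as an added example (not from the thread): a constructed private root CA stands in for the appliance vendor's non-standard CA, and openssl reports the issuer, the expiry date the question asks about, and the trust result for a client with and without that root imported. The CA names, host name and lifetimes are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example. Everything here is constructed: the two CAs, the host name
# and the lifetimes stand in for the appliance's vendor-signed certificate.
set -eu

make_demo_pki() {            # $1 = empty working directory
  local d="$1"
  # Private root CA: plays the role of the non-standard CA from the thread.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Constructed Private Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Unrelated CA: stands in for a client trust store that lacks that root.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Constructed Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  # Server certificate signed by the private root, valid for 365 days.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=nac.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 365 -out "$d/srv.pem" 2>/dev/null
}

cert_issuer() { openssl x509 -in "$1" -noout -issuer; }
cert_expiry() { openssl x509 -in "$1" -noout -enddate | cut -d= -f2; }

# "trusted" if certificate $1 chains to a CA in bundle $2, else "untrusted".
chain_status() {
  if openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_pki "$d"
  cert_issuer "$d/srv.pem"
  echo "valid until: $(cert_expiry "$d/srv.pem")"
  echo "client without the root: $(chain_status "$d/srv.pem" "$d/other.pem")"
  echo "client with the root:    $(chain_status "$d/srv.pem" "$d/root.pem")"
  rm -rf "$d"
}
demo
```

Run against the real appliance certificate exported as PEM, cert_issuer and cert_expiry answer both parts of the question without any of the constructed files.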

Tags: Cisco Security

Similar Questions

  • Cisco NAC Agent Login screen

    There is a problem coming up with the customers: sometimes the Cisco NAC Agent is not displayed on the login screen for some of the newly added machines. Are there special requirements for the Cisco Agent on the client machines?

    Regards

    Waqas

    Waqas,

    No specific requirement, except that they be on the list of supported OSs. For example, server OSs are not supported, so if you were trying to install/run on Server 2003 or 2008, that will not work.

    HTH,

    Faisal

  • NAC appliance purchase question

    Dear Experts,

    This summer we bought a Server Appliance from Cisco NAC3315-K9-500-500-NAC3315-K9.

    And we are about to begin its deployment. But to our surprise, we learned that a separate physical server to manage the NAC and a NAC Manager license are required.

    Unfortunately, we bought the NAC unit on the assumption (rather hasty) that the management (CAM) and the access server (CAS) are integrated into a single box. But, after checking a configuration guide, it said that one or the other of the CAM or CAS can be installed on the device.

    So is it possible to integrate them both on the same machine? Or must we buy this CAM server that costs a fortune?

    Or alternatively, can the CAM be installed as a virtual machine?

    Looking forward to your answer,

    Thank you very much!

    Hello

    You cannot run the CAM and the CAS on a single piece of hardware (when you install the software, you must choose the Manager or the Server prior to the installation scripts); you must run them on separate devices. However, you can get a job in ISE (licenses), which is the latest product that can take advantage of all the features of the NAC in one device. However, based on your network (number of endpoints), it can easily take more hardware.

    ISE can run on the devices that you have purchased; you will need to go to your Cisco account representative or your Cisco partner in order to have their with the discount and you get to put on the same page on ISE (providing the demonstration or proof of concept).

    I have supported NAC and ISE, and your best approach should be not to go forward with the NAC product now that ISE is out; it is a much better design in the way it integrates into your network. It also uses not only the manager and server, but it includes the profiling and reviews management services, which are all different products within the NAC line.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • NAC REAL IP GATEWAY BAND

    Hello

    I have NAC 4.8, installed as the band real IP gateway.

    Is it possible to integrate it with WLC5508 (Wireless)?

    Thank you

    Hello!

    Currently only NAC servers configured in virtual gateway mode can support wireless OOB users:

    http://www.Cisco.com/en/us/customer/docs/security/NAC/appliance/configuration_guide/48/cam/m_woob.html#wp1148691

    I hope that answers your question.

    Kind regards

    Federico

    --

    If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.

  • Reimage ISE 1.1.4 on NAC 3355 Server Issues

    G'day all,

    I currently have problems with an ISE reimage of a NAC 3355 server. I successfully downloaded the ISO for ISE 1.1.4 and burned it to a DVD. I went through the reimage process, with all packages being installed successfully (or so it seems); there is no problem while the packages are loaded and installed from the DVD.

    My issue is that when the box reboots and I am presented with the login prompt where I can type "setup" to launch the initial config script, I can enter all relevant details and the system displays the network interface, pings the default gateway and the name servers successfully (I don't see any errors that the pings have failed) and it seems to start installing the ISE.

    I get the on-screen message about not using 'Ctrl C from this point', then I see the "installing applications...." message on screen, but rather than seeing the 'ISE installation' message on screen as detailed in the 1.1.x hardware installation guide, my install goes straight to the "generating configurations" message and then restarts the box.

    Once the box reboots, I can not connect with the username/password combo that I entered in the initial configuration script, but I get no more on-screen messages or prompts to create a database password, etc. I only get the CLI command prompt. I am able to navigate the CLI fine, and I can ping the gateway and name servers from the CLI fine, but if I apply for a show, it comes back with nothing. If I make a request to configure ISE, the CLI says that EHT is not installed.

    Help please, guys.

    See you soon,

    MSI

    Please keep this thread up to date.

    Jatin kone

  • The popup NAC agent

    Dear,

    I have two ISE devices installed in a distributed deployment ("ISE1" primary and "ISE2" secondary); each node has three personas installed on it. The servers are registered together and replication is working properly between the nodes.

    When we work on the first node, everything is all right. If I try to unplug it from ISE1 and do my tests on ISE2, the Cisco NAC agent doesn't pop up, unless I have to uninstall and reinstall again the ISE2. Then it will not work properly.

    Note: the version of the NAC agent is the following: nacagent - 4.9.0.37.

    Any idea?

    Regards

    Zahi

    I don't have access to an ISE at the moment to check, but try this:

    Policy > Policy Elements > Results > Client Provisioning > Resources

    Edit the profile, and there should be a Discovery Host box.

    My apologies, I am guessing a little without access to the box, but it is certainly configurable; you don't have to add it manually.

  • ACS + NAC-L2-IP & 802.1x

    Hello! I am implementing NAC now. I know from the NAC Framework configuration guide that I can use NAC-L2-IP for posture validation, but this model (technology) does not provide the identity of the user. So the question is: can we at the same time use NAC-L2-IP for posture validation and 802.1x for user authentication (using MS-CHAPv2) on a Catalyst 3560G with ACS 4.1?

    Thank you in advance!

    Yes, this can work. If you are migrating at some point to have NAC with 802.1X, well, you will get are studying twice on the ports configured for two well.

  • Problem of NAC OOB - move users between ports

    Hello

    I have a problem with an OOB deployment I am currently working on: when I move an authenticated OOB client from one switch to another, it gets stuck in the auth VLAN. It seems NAC does not correctly detect the new port.

    This is what I've done to reproduce the problem, in detail:

    (1) A computer is connected to port 'a' on switch 'A' (A[a]). The port is automatically changed to the auth VLAN, and authentication and posture assessment are carried out.

    (2) The computer goes together, and the port is changed to the designated access VLAN. The OOB user appears in the Online Users list, and the computer is added to the Discovered Clients (Wired) list. All the detailed information on the two pages is correct.

    (3) The computer is offline. The OOB user is removed from the Online Users list, but the computer remains in the Discovered Clients list.

    (4) The computer is connected to port 'b' on switch 'B' (B[b]). The port is automatically changed to the auth VLAN, and authentication and posture assessment pass successfully once more. However, the information in the Discovered Clients list is not updated, and in addition, the OOB user appears once more in the Online Users list, but with the location specified as port A[a]!

    The end result is that the computer is stuck in the auth VLAN and the NAC Agent authentication dialog keeps popping up.

    I tried the reverse scenario (port B[b] to port A[a]) after manually clearing all the user and client information, and the result was pretty much the same...

    Thank you

    Boris

    Boris,

    These commands enable mac-move:

    mac-address-table notification mac-move

    snmp-server enable traps mac-notification change move

    HTH,

    Faisal

  • Problem of the NAC. Failed to add server.

    Hi all!

    I can't add a NAC server to the CAM. Error: Cannot add the server: server access to the own conflicted with the IP <10.52.244.146> must first be removed.

    Add Server IP: 10.52.244.194. I checked all the settings. This address is not used in the IP address of the server of Pentecost - 10.52.244.146 settings.

    I don't see any useful information in the logs.

    Why didn't I have this error on the CAM?

    You might be hitting this bug: CSCtd27095

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtd27095

    Please follow the "Workaround" recommended in the bug.

  • Cisco NAC appliance - after a success does not change users to connect to the proper vlan

    Hello

    I am new to Cisco NAC BURNERS and I have to troubleshoot an implementation. It is an OOB real IP gateway configuration. Users can connect to the Pentecost the CCA, but after this successful connection, they remain in the unauthenticated role, as well as on this VLAN. I checked the SNMP protocol and it seems to work very well. Also, I checked the logs in nac_manager.log and there is nothing surprising; in fact I see nothing about this user or the IP address that connects.

    Also, the user does not appear in the list of online users on the CAM.

    Can someone help me figure out how I can fix this? The version is 4.8; I'll post any information requested.

    Thank you

    We recently had the problem with Windows AD SSO and Windows 7 clients.

    XP clients would authenticate very well; however, Windows 7 clients would not authenticate and would just remain on the authenticated VLAN.

    Our issue was with the CAS SSO account we set up in AD. It only supported DES encryption, which Windows 7 64 does not have. We turned off "Use DES encryption" on the AD SSO account and re-tested.

    What are the settings of the port profile that is applied to the switchport?

    What is the map settings vlan ports trunk not approved or confidence?

  • Version of the NAC

    Dear,

    What version of the NAC can I install on VMware?

    Can anyone please help with the above query?

    Thank you

    NAC is not supported on VMware. Yet people have managed to install NAC 4.1 on VMware, but newer versions do not work.

    There is a new product called Cisco ISE, which will eventually replace the NAC. Cisco ISE can be installed on VMware.

  • NAC 4.7.2

    Hello dear,

    I'm facing issues with SSO only with Windows 7; the rest, Windows XP and Vista, work correctly in my network with single sign-on. I get the popup 2 times for a user login in Windows 7. My NAC agent version is 4.7.3.2, and the NAC version is 4.7(2).

    Where am I missing something?

    Thank you

    Hello

    For windows 7, you must do a few things to make it work.

    You will find detailed information here:

    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cas/s_adsso.html#wp1257882.

    I hope this helps.

    Tiago

    ==================

    PS. If you found this helpful please note! Thank you!

  • In anticipation of the posture with 1.3, Agent NAC 4.9.5.10 ISE and Windows 10

    Hello

    I have a customer with ISE 1.3 patch 5 installed in their network, and they are testing the connection to the network from a Windows 10 client. On the client, this customer has manually installed NAC Agent 4.9.5.10 and uses AnyConnect 4.2.01035 (with the NAM module) as the 802.1x supplicant.

    In the ISE, NAC Agent 4.9.5.10 and Compliance Module 3.6.10205 - 2 are downloaded, and there is a client provisioning policy created in order to provide clients with this version of the NAC Agent and Compliance Module if the client authenticates correctly in Active Directory. There is also a Posture policy that requires the client to have a fixed version of McAfee Antivirus.

    When connecting to the wifi network, the client authenticates properly using the user name and, after authentication, it launches the Cisco NAC Agent in order to pass the posture. At this point, the NAC Agent pop-up displays an error indicating that the operating system of the client is not supported, although NAC Agent 4.9.5.10 supports Windows 10 and ISE 1.3 patch 5 also supports Windows 10. Because the Posture status remains in a waiting state, the client is not allowed to connect with the correct permissions for the network by the ISE authorization policy.

    My questions are:

    Do you know the reason for this error shown by the NAC Agent (client operating system not supported)?

    Do you know what the correct versions of the NAC Agent and ISE are to support connections from Windows 10 clients?

    And also, is Windows 10 supported by ISE 1.3 patch 5, or maybe it's better to move to ISE 2.0?

    Thanks in advance

    Regards

    Juan

    I'll guess that maybe the VA of Cisco and the supported OS version databases are not current. Try going to Administration->-> Posture--> Updates settings and click on "Update Now".

  • NAC agent constantly authenticate

    I have a problem with NAC 4.9.4.3 where it reauthenticates randomly. There is no log on the switch or within ISE to explain why this happens. The user seems to remain connected. Has somebody encountered this problem?

    Hi Deirra,

    How often do you see that? Do you experience this problem with all the endpoints?

    If you don't see logs on the ISE/switch, then maybe it is not a pure new authentication. The issue may be followed up by looking at the NAC agent logs.

    -Jousset

  • Comment of the NAC Server

    Hi guru,

    Do we need a Cisco NAC appliance or wireless controller with the Cisco NAC server, or can the Cisco NAC Guest server comments work independently?

    Is it possible to implement the Cisco NAC comments server without a NAC device or wireless LAN Controller?

    Best regards
    Ahmed Shahzad.

    Can you please check if you can access this link:

    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html.

    It's a fully detailed 'Integrated Cisco Web authentication deployment and Configuration Guide Local'.

    HTH,

    Tiago

  • NAC Notification comments Email Server problem

    Once I have created a guest account on the NAC comments server, it is unable to send e-mail notifications to the guest user. I get the following error:

    Unable to send e-mail. Please contact your system administrator.

    Only the very basics need to be configured on the NAC comments server, as shown in the attached screenshot (real domains replaced). The Exchange server is configured to relay any anonymous email from the NGS IP to any email ID.

    Also, is it possible to find the services that run on the END to send emails?

    Thanks in advance.

    Hi Jenny,

    What version of NGS do you use?

    Does your sponsor have permissions to send mails?

    What logs do you see on the mail server / SMTP relay?

    You can also view the logs under the Admin GUI at: Server > System Logs

    There, you can check what is reported in the 'application log' and also 'support logs > maillog'.

    I hope this helps.

    Kind regards

    Federico

    --

    If this answers your question please mark the question as "answered" and write it down, so other users can easily find it.
