Problem of the NAC - Agent is a disconnect

Hello

We have a problem with the NAC in mode virtual outofband.

AD SSO, sanitation, everything is working, but strange things are happening: after a while, when downloading large files, Agent connects to the formula of network users, and the registration process is restarted.

I disabled the pulsation clocks and timers, session, but we still have a problem.

Also, while sniffing traffic on the switch port, I noticed that after have correctly connected you to the own Cisco Agent network always send traffic to UDP Port 8905. Is this a normal behavior?

I noticed problems with this version of the agent causing connections to give up intermittently. I would upgrade to agent v4.1.3.1.

Tags: Cisco Security

Similar Questions

  • Connection disabled for the Nac Agent

    Hello

    After installing the NAC Agent on Windows XP.

    The login window does not appear.

    Please see the attached support cisco report.

    Please suggest to overcome this problem.

    Thank you

    Abuzar

    Well, the default gw is an L3 device you have on your network, and if there is a firewall you will need to open the communication to these ports.

    What is the configuration of VLANS on the switch where the client is connected?

    Do you have an organizational chart?

    See you soon,

    Tiago

  • Problem of the NAC in the virtual tape gateway VPN SSO

    Hello

    I've implemented a NAC solution for remote users. The unit of CASE mode configured in the gateway enVirtual Strip.

    I followed all the steps listed in http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml

    Remote users can connect successfully using the cisco vpn software and they can ping the SIN, but not the DNS (the ASA offers IP @ but not the DNS I do not know why).

    When I access the NAS, I can download the NAC Agent but VPN SSO is not executed and the Agent asks me to connect using LOCAL DB.

    Any help please,

    Kind regards

    Larson,

    For VPN SSO work, you must send the accounting package to the CAs. The CASE can in turn send for the ACS if you need accounting also be done on GBA, but for authentication ONLY work, the accountant must reach the CASE.

    HTH,

    Faisal

  • ISE - profile of the NAC agent

    Dears

    I want to deploy via GPO NAC agent and I need to create the agent profile, I know how to create on ISE, but how to get the file in xml format which will be distributed?

    You can try to install only a single PC (whether by a manual installation or captive portal). If you have set up rules of posture while ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml.

    Then you can browse the following directory and find the NACAgentcfg.xml file in your PC.

    C:\Program Files (x86)\Cisco\Cisco NAC Agent

    After that, you can mass deploy the NAC agent as well as the xml file. Well, it is not required to deploy the xml file; as I said, every time there is a rule of posture the NAC agent will download the last available NACAgentcfg.xml from the ISE Server.

    Please rate if this can help.

  • The NAC Agent running application scan

    Ladies and gentlemen,

    My client is to be on ISE PoC. They want to test the functionality of Posture to run the application.

    I would like to ask: what is the NAC agent scan interval. If I want to use Agent NAC to scan the PC, an illegal demand, but initially, during the connection, the application is not running. After NAC agent notify that it respects the customer, user start this application. The question therefore, Agent NAC detectable by whom?

    Kindly share your experience about it. Thank you for your support.

    Kind regards

    Hiep

    Hiep,

    The feature you requested is passive revaluation and is made on intervals configured by the administrator.

    www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_pos_pol.html#...

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Problem of the NAC plugins & Nessus

    Hi all!

    I have a problem with the installation of the Nessus plugin. ((

    After reading Installation Guides I have not a clear understanding what files should I download. So I have 2 files:

    Nessus-plugins-2.2.10.tar.gz (6507 KB)

    Nessus-plugins-GPL-2.2.10.tar.gz (1071 KB)

    of http://www.nessus.org/download/index.php

    After renaming, I tried to download each of them turning the cam under updates of the Plugin. CAM said "Upload successful" and has always some plugins (Scan Setup-> Plugins).

    So I don't understand what the problem... ((

    Can someone share file plugins.tar.gz correct, please...?

    Concerning

    You must download and install the Nessus appropriate for your PC.

    After downloading the latest plugins on the site of Nessus, in the directory (for a Windows installation) c:/Program Files/Tenable/Nessus/Plugins, you will have a file 'plugin.tar.gz'. You can rename or copy this into "plugins.tar.gz".

    Then in the console the NAC Manager, under ACCESS OWN-> NETWORK SCANNER-> Plugin updates, go to the same folder and choose the file "plugins.tar.gz". It MUST be named exactly as described - with the S - to work. Complete the DOWNLOAD. When finished go to the Configuration of Scan tab and select all in the show _ Plugins dropdown. You should have about 20,000 of them.

    HTH.

    Jim

  • The NAC Agent autoUpgrade ISE possible?

    Hi all

    I have this:

    802.1x-window with the NacAgent version (say 1) <----> 802.1x switch active (RADIUS aaa OK) <------> ISE and AD on the same LAN

    ISE is configured for client provisioning with hardware (NacAgent version 2) downloaded from Cisco's Web site (as described in the documentation)

    I have a basic plan of authentication and authorization that allow me to well but I expect the NACAgent to be upgraded.

    No profiling is configured at the moment.

    Is that someone can help?

    Best regards?

    Hello

    In the ISE settings provisioning client, activate the option where the NAC upgrade agent is required. However, it is up to you to run periodic updates and map the most recent agent in the configuration of the parameters of the client.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Problems with the new Agent installation 12

    Hello

    Installed a new officer on 12 c, the installation was successful.
    But the Agent status is not properly in the Console.

    Why? All possible cases?

    s/n

    Hello

    Thanks for the pointers...

    When you use the b_startAgent parameter.
    After installation, there are the 3 steps:

    1. Start the agent
    ./emctl start agent

    2. Add the target
    ./emctl config agent addinternaltargets

    3 configuration of the Plugin
    /Core/12.1.0.1.0/Perl/bin/perl /core/12.1.0.1.0/bin/AgentPluginDeploy.pl - Origine_oracle /core/12.1.0.1.0 - agentDir - pluginIdsInfoFile /plugins.txt - action set - emStateDir

    Once the steps above carried out, check the status. If possible once syncing of the agent as well.

    Go to the Home Agent and the "agent" dropdown select resynchronization.

    Best regards
    Vincent

  • Problem of the NAC. Failed to add server.

    Hi all!

    I can't add a nac server to the CAM. Error: Cannot add the server: server access to the own conflicted with the IP <10.52.244.146> must first be removed.

    Add Server IP: 10.52.244.194. I checked all the settings. This address is not used in the IP address of the server of Pentecost - 10.52.244.146 settings.

    I don't see in the newspapers of useful information.

    Why didn't I have this error on the CAM?

    You might be hitting this bug: CSCtd27095

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtd27095

    Please follow the "Workaround" recommended in the bug.

  • NAC agent the wireless runs whenever we have controllers

    Hello everyone, we have a problem in our environment and wanted to inquire about this. We have a Cisco wireless infrastructure in place - 5508 2 controllers and about 200 3502 AP we have split the AP evenly between 2 controllers. We backend system with an own server in the strip of the NAC device for post assessment. What we are seeing, is that when a user "passes" a point of access to the other, and if the AP is connected to 2 separate controllers, the NAC agent will take place once again. Newspapers in cam supports this, as we see the user is disconnected and then reconnected. We have 2 controllers configured in a mobility group which should allow roaming. So what would be the expected behavior? Is the controller always send RADIUS Accounting Stop packets to the CAs when it tends a session wireless to another controller, even if they are in a group of mobility? Any help or thoughts would be appreciated.

    Thank you

    The f

    Jeff,

    Since you're using dot1x, I found the following note in the configuration guide for mobility:

    http://www.Cisco.com/en/us/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

    All clients configured with 802.1X/Wi-Fi Protected Access (WPA) security complete a full authentication to conform to the IEEE standard.

    Your radius server that you see a second authentication attempt from the second controller? If Yes, then most likely, this is because of the management of accounts radius stop and start messages while roaming.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • The Stub of the NAC for 4.7 Agent options

    Hello

    Does anyone know if Cisco provides an option of replacement for the role of the NAC Agent of the Stub in version 4.7?

    Thank you.

    Dennis,

    The service is installed as part of installing the agent. Now the agent installation requires administrator rights.

    HTH,

    Faisal

  • Question commissioning of the ISE NAC agent

    I downloaded the NAC agents and modules of conformity to the ISE and configured the client provisioning rules. The user guide does not really explain the next steps very well.

    I guess because the identity of the user groups are used in politics, commissioning is used with webauth, is that correct?

    Jeppe,

    The commissioning customer is done with any authentication method. Whether via dot1x or webauth, it is the authorization policy that starts this process. You redirect your customers customer provisioning portal using the authorization policy. Then, you determine which agent (web agent, agent nac or no agent) through the client provisioning policy.

    Hope that helps,

    Tarik Admani
    * Please note the useful messages *.

  • NAC agent constantly authenticate

    I have a problem with NAC 4.9.4.3 where it reauthenticates randomly. There is no newspaper on the switch or within ISE to explain why this happens. The user seems to remain connected. Did somebody encounter this problem?

    Hi Deirra,

    How many times do you see that? You experience this problem with all the endpoints?

    If you don't see the newspaper on the ISE/switch so maybe not pure new authentication. The question may be followed by looking at the NAC agent logs.

    -Jousset

  • NAC Agent recognizes bad OS

    I have a Windows 7 laptop where the NAC agent thinks it's Windows XP. It fails the NAC checks because it wants Service Pack 3 to be installed. Has anyone already had this issue or know where the NAC agent provides for what operating system it is?

    Just getting worse, I reinstall windows 7 but I was wondering if anyone could provide any idea for me?

    Johnathan,

    We have encountered this problem before. Check the properties for the executables of the NAC Agent and make sure that compatibility mode is not set to Windows XP.

    Doug

  • NAC agent don't popup configure what ORGANIZATIONAL unit in Active Directory

    Hi expert,

    I need help problem on NAC L2OOB-VG, the NAC server and client version 4.7.2. My problem is:

    -Before I use NAC ADSSO with Windows Server 2003 Active Directory and everything work fine. Untrust popup of the NAC agent connection users, authenticate users and users of action switch for trust to Vlan.

    -Now my DC has a problem so I upgraded this DC to Windows Server 2008 SP2 and configured the OU, Active Directory, I created OUs and moved users to OU for simple management, after that I configured ktpass and service ADSSO in the NAC has started.

    So now my problem is:

    -Agent NAC users connection not popup and does not authenticate users.

    -When I move this users in UO to the domain users, popup will for the Attorney to the NAC and authenticate the user.

    How can I configure NAC in consultation with users in UO?

    Thank you for any assistance.

    Hello

    You have defined LDAP search servers to use with your SSO AD? All maps are you doing?

    Faisal
