Problem of the NAC - Agent is a disconnect
Hello
We have a problem with the NAC in mode virtual outofband.
AD SSO, sanitation, everything is working, but a strange thing is happening: after a while, when downloading large files, Agent connects to the formula of network users, and the registration process is restarted.
I disabled the pulsation clocks and timers, session, but we still have a problem.
Also, while sniffing traffic on the switch port, I noticed that after having correctly connected to the network, the Cisco Agent always sends traffic to UDP port 8905. Is this normal behavior?
I noticed problems with this version of the agent causing connections to give up intermittently. I would upgrade to agent v4.1.3.1.
-
Connection disabled for the Nac Agent
Hello
After installing the NAC Agent on Windows XP.
The login window does not appear.
Please see the attached support cisco report.
Please suggest to overcome this problem.
Thank you
Abuzar
Well, the default gw is an L3 device you have on your network, and if there is a firewall you will need to open the communication to these ports.
What is the configuration of VLANS on the switch where the client is connected?
Do you have an organizational chart?
See you soon,
Tiago
-
Problem of the NAC in the virtual tape gateway VPN SSO
Hello
I've implemented a NAC solution for remote users. The unit of CASE mode configured in the gateway enVirtual Strip.
I followed all the steps listed in http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
Remote users can connect successfully using the Cisco VPN software and they can ping the SIN, but not the DNS (the ASA offers IP @ but not the DNS, I do not know why).
When I access the NAS, I can download the NAC Agent but VPN SSO is not executed and the Agent asks me to connect using LOCAL DB.
Any help please.
Kind regards
Larson,
For VPN SSO to work, you must send the accounting package to the CAs. The CASE can in turn send for the ACS if you need accounting to also be done on GBA, but for authentication ONLY to work, the accountant must reach the CASE.
HTH,
Faisal
-
ISE - profile of the NAC agent
Dears
I want to deploy via GPO NAC agent and I need to create the agent profile, I know how to create on ISE, but how to get the file in xml format which will be distributed?
You can try to install only a single PC (whether by a manual installation or captive portal). If you have set up rules of posture while ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml.
Then you can browse the following directory and find the NACAgentcfg.xml file in your PC.
C:\Program Files (x86)\Cisco\Cisco NAC Agent
After that, you can mass deploy the NAC agent as well as the xml file. It is not required to deploy the xml file, though; as I said, every time there is a rule of posture, the NAC agent will download the last available NACAgentcfg.xml from the ISE Server.
Please rate if this can help.
-
The NAC Agent running application scan
Ladies and gentlemen,
My client is to be on ISE PoC. They want to test the functionality of Posture to run the application.
I would like to ask: what is the NAC agent scan interval. If I want to use Agent NAC to scan the PC, an illegal demand, but initially, during the connection, the application is not running. After NAC agent notify that it respects the customer, user start this application. The question therefore, Agent NAC detectable by whom?
Kindly share your experience about it. Thank you for your support.
Kind regards
Hiep
Hiep,
The feature you requested is passive revaluation and is made on intervals configured by the administrator.
www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_pos_pol.html#...
Thank you
Tarik Admani
* Please note the useful messages *. -
Problem of the NAC plugins & Nessus
Hi all!
I have a problem with the installation of the Nessus plugin. ((
After reading Installation Guides I have not a clear understanding what files should I download. So I have 2 files:
Nessus-plugins-2.2.10.tar.gz (6507 KB)
Nessus-plugins-GPL-2.2.10.tar.gz (1071 KB)
from http://www.nessus.org/download/index.php
After renaming, I tried to download each of them turning the cam under updates of the Plugin. CAM said "Upload successful" and has always some plugins (Scan Setup-> Plugins).
So I don't understand what the problem... ((
Can someone share file plugins.tar.gz correct, please...?
Concerning
You must download and install the Nessus appropriate for your PC.
After downloading the latest plugins on the site of Nessus, in the directory (for a Windows installation) c:/Program Files/sustainable/Nessus/Plugins, you will have a file 'plugin.tar.gz'. You can rename or copy this into "plugins.tar.gz".
Then in the console the NAC Manager, under ACCESS OWN-> NETWORK SCANNER-> Plugin updates, go to the same folder and choose the file "plugins.tar.gz". It MUST be named exactly as described - with the S - to work. Complete the DOWNLOAD. When finished go to the Configuration of Scan tab and select all in the show _ Plugins dropdown. You should have about 20,000 of them.
HTH.
Jim
-
The NAC Agent autoUpgrade ISE possible?
Hi all
I have this:
802.1x-window with the NacAgent version (say 1) <----> 802.1x switch active (RADIUS aaa OK) <------> ISE and AD on the same LAN
ISE is configured for client provisioning with hardware (NacAgent version 2) downloaded from Cisco's Web site (as described in the documentation)
I have a basic plan of authentication and authorization that allow me to well but I expect the NACAgent to be upgraded.
No profiling is configured at the moment.
Is that someone can help?
Best regards?
Hello
In the ISE settings provisioning client, activate the option where the NAC upgrade agent is required. However, it is up to you to run periodic updates and map the most recent agent in the configuration of the parameters of the client.
Thank you
Tarik Admani
* Please note the useful messages *. -
Problems with the new Agent installation 12
Hello
Installed a new officer on 12 c, the installation was successful.
But the Agent status is not properly in the Console.
Why? All possible cases?
Hello
Thanks for the pointers...
When you use the b_startAgent parameter.
After installation, there are the 3 steps:
1. Start the agent
./emctl start agent
2. Add the target
./emctl config agent addinternaltargets
3. Configuration of the Plugin
/Core/12.1.0.1.0/Perl/bin/perl /core/12.1.0.1.0/bin/AgentPluginDeploy.pl - Origine_oracle /core/12.1.0.1.0 - agentDir - pluginIdsInfoFile /plugins.txt - action set - emStateDir
Once the steps above are carried out, check the status. If possible once syncing of the agent as well.
Go to the Home Agent and the "agent" dropdown select resynchronization.
Best regards
Vincent -
Problem of the NAC. Failed to add server.
Hi all!
I can't add a nac server to the CAM. Error: Cannot add the server: server access to the own conflicted with the IP <10.52.244.146> must first be removed.
Add Server IP: 10.52.244.194. I checked all the settings. This address is not used in the IP address of the server of Pentecost - 10.52.244.146 settings.
I don't see in the newspapers of useful information.
Why didn't I have this error on the CAM?
You might be hitting this bug: CSCtd27095
Please follow the "Workaround" recommended in the bug.
-
NAC agent the wireless runs whenever we have controllers
Hello everyone, we have a problem in our environment and wanted to inquire about this. We have a Cisco wireless infrastructure in place - 2 5508 controllers and about 200 3502 APs. We have split the APs evenly between the 2 controllers. We backend system with an own server in the strip of the NAC device for post assessment. What we are seeing is that when a user "passes" a point of access to the other, and if the APs are connected to 2 separate controllers, the NAC agent will take place once again. Newspapers in cam support this, as we see the user is disconnected and then reconnected. We have the 2 controllers configured in a mobility group which should allow roaming. So what would be the expected behavior? Does the controller always send RADIUS Accounting Stop packets to the CAs when it tends a session wireless to another controller, even if they are in a group of mobility? Any help or thoughts would be appreciated.
Thank you
The f
Jeff,
Since you're using dot1x, I found the following note in the configuration guide for mobility:
http://www.Cisco.com/en/us/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html
All clients configured with 802.1X/Wi-Fi Protected Access (WPA) security complete a full authentication to conform to the IEEE standard.
On your radius server, do you see a second authentication attempt from the second controller? If yes, then most likely, this is because of the management of accounts radius stop and start messages while roaming.
Thank you
Tarik Admani
* Please note the useful messages *. -
The Stub of the NAC for 4.7 Agent options
Hello
Does anyone know if Cisco provides an option of replacement for the role of the NAC Agent of the Stub in version 4.7?
Thank you.
Dennis,
The service is installed as part of installing the agent. Now the agent installation requires administrator rights.
HTH,
Faisal
-
Question commissioning of the ISE NAC agent
I downloaded the NAC agents and modules of conformity to the ISE and configured the client provisioning rules. The user guide does not really explain the next steps very well.
I guess because the identity of the user groups are used in politics, commissioning is used with webauth, is that correct?
Jeppe,
The commissioning customer is done with any authentication method. Whether via dot1x or webauth, it is the authorization policy that starts this process. You redirect your customers customer provisioning portal using the authorization policy. Then, you determine which agent (web agent, agent nac or no agent) through the client provisioning policy.
Hope that helps,
Tarik Admani
* Please note the useful messages *. -
NAC agent constantly authenticate
I have a problem with NAC 4.9.4.3 where it re-authenticates randomly. There is no newspaper on the switch or within ISE to explain why this happens. The user seems to remain connected. Did somebody encounter this problem?
Hi Deirra,
How many times do you see that? You experience this problem with all the endpoints?
If you don't see the newspaper on the ISE/switch so maybe not pure new authentication. The question may be followed by looking at the NAC agent logs.
-Jousset
-
I have a Windows 7 laptop where the NAC agent thinks it's Windows XP. It fails the NAC checks because it wants Service Pack 3 to be installed. Has anyone already had this issue or know where the NAC agent provides for what operating system it is?
Just getting worse, I reinstall windows 7 but I was wondering if anyone could provide any idea for me?
Johnathan,
We have encountered this problem before. Check the properties for the executables of the NAC Agent and make sure that compatibility mode is not set to Windows XP.
Doug
-
NAC agent don't popup configure what ORGANIZATIONAL unit in Active Directory
Hi expert,
I need help problem on NAC L2OOB-VG, the NAC server and client version 4.7.2. My problem is:
-Before I use NAC ADSSO with Windows Server 2003 Active Directory and everything work fine. Untrust popup of the NAC agent connection users, authenticate users and users of action switch for trust to Vlan.
-Now my DC has a problem so I upgraded this DC to Windows Server 2008 SP2 and configured the OU in Active Directory; I created OUs and moved users to the OU for simple management. After that I configured ktpass and the ADSSO service in the NAC has started.
So now my problem is:
-Agent NAC users connection not popup and does not authenticate users.
-When I move these users in the OU to the domain users, popup will for the Attorney to the NAC and authenticate the user.
How can I configure NAC in consultation with users in the OU?
Thank you for any assistance.
Hello
You have defined LDAP search servers to use with your SSO AD? All maps are you doing?
Faisal