cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
341
Views
5
Helpful
2
Replies

Cisco NAC agent pop up continiously

cisabucho
Beginner
Beginner

Hi,

I am facing a problem with Cisco NAC agent Version : 4.9.5.4 and Compliance Module Version: 3.6.9845.2 such that after successfully passing through posture compliance and getting full network access, the agent will pop up again and go through posture remediation. This happens at irregular intervals and multiple times throughout the day. The DACL with permit ip any any is applied after successful posture validation. 

On the client machines, they are using explicit http proxy config on port 8080 to forward all web requests to Microsoft TMG proxy server.  What can I do to resolve this issue? I am ready to supply any additional info.

The ISE version is as follows:

Version1.2.1.198
Installed Patches

3

2 Replies 2

Venkatesh Attuluri
Cisco Employee
Cisco Employee

check the following link

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118724-technote-ise-00.html#anc14

jan.nielsen
Rising star
Rising star

I think you should try and exclude the discovery host that you have configured in your nac client from your proxy settings, it is probably detecting the TMG as being redirected, and thinking that it hasn't been given it's "permit ip any any" yet.

 

An easy test is, to put the discovery host into a browser, and see you you actually are able to reach your discovery host with regular http when you have been deemed compliant-

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers