Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
5
Helpful
2
Replies

Cisco NAC agent pop up continiously

cisabucho
Level 1
Level 1

‎05-21-2015 07:21 AM - edited ‎03-10-2019 10:44 PM

Hi,

I am facing a problem with Cisco NAC agent Version : 4.9.5.4 and Compliance Module Version: 3.6.9845.2 such that after successfully passing through posture compliance and getting full network access, the agent will pop up again and go through posture remediation. This happens at irregular intervals and multiple times throughout the day. The DACL with permit ip any any is applied after successful posture validation. 

On the client machines, they are using explicit http proxy config on port 8080 to forward all web requests to Microsoft TMG proxy server.  What can I do to resolve this issue? I am ready to supply any additional info.

The ISE version is as follows:

Version1.2.1.198
Installed Patches

3

2 people had this problem
Labels:
2 Replies 2

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎05-28-2015 02:13 AM

check the following link

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118724-technote-ise-00.html#anc14

0 Helpful

jan.nielsen
Level 7
Level 7

‎05-28-2015 07:40 AM

I think you should try and exclude the discovery host that you have configured in your nac client from your proxy settings, it is probably detecting the TMG as being redirected, and thinking that it hasn't been given it's "permit ip any any" yet.

 

An easy test is, to put the discovery host into a browser, and see you you actually are able to reach your discovery host with regular http when you have been deemed compliant-

0 Helpful
Customers Also Viewed These Support Documents