pobi2009rus
Beginner

Cisco NAC Server

Hello! Help me please!

I performed the installation of Cisco NAC Server 3315 ver. 4.8(2), but after that I can't connect to the server by https - HTTP 403 Forbidden. I can connect to the NAC Server by ssh.

What could be the reason?

Tarik Admani
Advocate

Did you perform the steps during the installation and reboot the box? If so, please issue service perfigo config and verify that everything is configured correctly. What url are you using? Try https://nacserverip/admin.

thanks,

Tarik

I am getting the same issue, and when I checked the server an error occurs: nCipher server not in operational mode. Please change the settings. Please suggest how to do that. Because of this I am not able to open the https. It was working fine, but after the reboot the issue arose.

please help

thanks

Tarunava

Can you paste the exact error that you are receiving and where it is coming from? The webpage or the console. Also what version of clean access are you running?

Thanks,

Tarik

While rebooting, I am getting this:

Starting nc_drivers:  /dev/nfastpci0
[  OK  ]

Starting nc_hardserver:  waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
[FAILED]

Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
key_load_private_pem: RSA_blinding_on failed

Could not load host key: /root/.perfigo/sec/tomcat.key

Disabling protocol version 2. Could not load host key

sshd: no hostkeys available -- exiting.

[FAILED]

Starting xinetd: [  OK  ]

Starting console mouse services: [  OK  ]

Starting nessusd: Loading the Nessus plugins...
All plugins loaded                                  
[  OK  ]

Starting crond: [  OK  ]

Starting anacron: [  OK  ]

Starting atd: [  OK  ]

Starting jexec:  Starting jexec services[  OK  ]

Starting Ncipher services
-- Running startup script 45drivers

-- Running startup script 46exard


-- Running startup script 50hardserver
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
Starting perfigo:  click: starting router thread pid 2092 (f7b7d340)
Failed execute command : CONNECTFORCE, Error : Connection refused
BaseAgent process reconnecting...
Failed execute command : ACTIVE, Error : Connection refused
BaseAgent executes [ACTIVE] ...
Link Detect Manager only operates when HA is enabled.
NFastApp_Connect failed: ServerNotRunning

And then in the hardserver log I am getting nCipher card not in operational mode. Please change the settings on the card.

How to resolve the issue?

Thanks

Shalvi Yadav

Shalvi,

Just want to clarify a few things:

1. Was this a fresh, new install?

2. Did you use the external card reader to initialize the nCipher card during the fresh install?

3. Is the switch on the nCipher card in the "O" position?

Thanks,

Robert

It is a new install. The device is a Cisco NAC 3315 appliance. I haven't used any external card reader. The device was working fine, I did the configuration, and the web console was also coming up. Then the device got rebooted, and when the device came up this error came.

How to check the "O" position? I have no idea regarding it. I have no idea how to change the settings.

Please help.

Thanks

Shalvi

Shalvi,

If your CAM is a FIPS-compliant platform (which it is), the first prompt should ask if you want to initialize the on-board FIPS card.

Please view the link below and attempt to initialize the FIPS nCipher card. Let me know if you have any additional issues or questions.

http://www.cisco.com/en/US/docs/security/nac/appliance/installation_guide/hardware/48/hi_instal.html#wp1040251

Once you have finished initializing the CAM, try restarting and accessing again.

Robert

The point is it is not asking for the same. See the attached capture during restart. I even used service perfigo config but it is not prompting for FIPS mode.

See, it directly asks for:

he utility will now ask you a series of configuration questions.

Please answer them carefully.

Cisco Clean Access Server, (C) 2011 Cisco Systems, Inc.

Configuring the network interfaces:

Please enter the IP address for the interface eth0 []: 10.20.70.13  [C  [C  [C

You entered an incorrect IP address

Please enter the IP address for the interface eth0 []: 10.20.70.140

You entered 10.20.70.140 Is this correct? (y/n)? [y] y

Please enter the netmask for the interface eth0 [255.255.255.0]: 255.255.255.248

You entered 255.255.255.248, is this correct? (y/n)? [y]

Please enter the IP address for the default gateway []: 10.20.70.137

You entered 10.20.70.137 Is this correct? (y/n)? [y]

[Vlan Id Passthrough] for packets from eth0 to eth1 is disabled.

Would you like to enable it? (y/n)? [n]
