Integrating Cisco NAC v4.8.1 With an Internal WSUS Server

Ramraj Sivagnanam Sivajanam · ‎08-15-2011

Hi

I've Cisco NAC deployed, and all is good so far. Lately, I've added an internal WSUS Server in my LAN. Hence, what I want to achieve here is, I want all my LAN users when accessing into the LAN via Cisco NAC, the Cisco NAC should check with the internal WSUS server if the PC meets all the policies and requirements etc.

I've configured the NAC Manager based on the document I found on the Cisco website

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1353947

My issue here is, for some wierd reason the UPDATE button seems to be gray-ed out but I can click on the SKIP button. I need to click on the UPDATE button, so that the PC can talk to the internal WSUS Server to obtain all necessary updates from the internal WSUS server. Attached is a screen shot for your kind reference.

Please kindly advice, where have I gone wrong. I know this is a configuration issue on the NAC Manager but I don't know where. Please kindly assist me.

Thank you.

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam

Tarik Admani · ‎08-31-2011

Ramraj,

The WSUS requirement only initiates the WSUS services if a rule fails a check that rolls up to this requirement. It is up to either a GPO to set which WSUS servers are configured for the WSUS agent and then allow access to this WSUS server in the temporary role. Keep in mind that the Windows requirements are sent from the perfigo servers and it doesnt check the clients updates against a specific WSUS server.

Thanks,

Tarik

Ramraj Sivagnanam Sivajanam · ‎09-01-2011

Hi Tarik

My issue with the UPDATE button has been resolved but for some wierd reason, it works fine with some workstations and not for some workstations even though they are all in WIndows XP O/S :-(

By any chance, have you encountered such issues before?

Warm regards,
Ramraj Sivagnanam Sivajanam