Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
913
Views
0
Helpful
4
Replies

Configuring HA on Cisco NAC (Cisco Clean Access)

oabduo983
Level 1
Level 1

‎02-02-2007 05:23 AM - edited ‎02-21-2020 01:24 AM

Hi Guys,

I'm willing to do the HA configuration between the two Managers and the two Servers? I had three concerns on this

1- CAM DNS mapping: if I do this locally on the CAM appliances, would I map the name to eth0 IP address or the eth1 IP address (where the cross over cable is connected).

2- I'm generating temporary certificates on the Primary CAS and l load them to the secondary but I get a failure. What is the purpose of the SSL certificate on the CAS?

3- I https into the service IP and I get to the primary CAM, when I add the service IP of the CAS It gives a message saying cannot add the server. (Note: previously I had the Primary CAM and CAS working fine, the system (CAS) went down only after adding the secondary CAS, but I still can access both CAS through https and ssh).

I will rate your helpful post!

Regards,

0 Helpful
4 Replies 4

egaytan
Level 1
Level 1

‎02-19-2007 10:33 AM

Hello

I?m not an expert, but I'm installing a NAC appliance too, :)

1) You must map each one CAM to a DNS for resolve locally the CAM name, using eth0 , also the service ip address.

2) What kind of failure ? The certificate is generate to keep the comunication between CAM and CAS in case of failure of the primary CAS.

3) You must add without problems.

Maybe this link will be helpful for you:

http://www.cisco.com/en/US/products/ps6128/prod_presentation0900aecd80549168.html

Let me know if it was successfull.

Regards

Ernesto

0 Helpful

juancarlosorellana
Level 1
Level 1
In response to egaytan

‎05-13-2010 03:08 PM

TWO IS  POSSIBLE TO OPERATE CAS To  put it another FORM TO MAKE A STACKING NAC?

Sugiere una traducción mejor
0 Helpful

Faisal Sehbai
Level 7
Level 7

‎05-14-2010 12:35 PM

Hello,

1. For HA setups, the name should resolve to the Virtual IP address of the trusted side

2. SSL certs are used for all sorts of communications on the CAS and CAM. On the CAS it's used for HA, client communications and CAM/CAS communications.

3. You need to add the cert that you installed on both the CASs to the Trusted Certificate Authorities tab on the CAM. Do this on both CAMs. Also take the CAM cert and install that in the Trusted Certificate Authorities tab on both CASs. This is assuming you did self-signed certs on all devices.

HTH,

Faisal

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card