NAC Host-Based Policies Issue

asaldanab
Level 1

Hi,

I have a problem... when I try to permit a web page (for example www.microsoft.com) in a temporary role, the user can't open it and a security message is displayed, but when I add the web IP the users can access it... the NAC is working in real-IP layer 3...

Thanks for your help

11 Replies

cleidh_mor
Level 1

Hi,

Have you allowed DNS traffic to a trusted DNS host?

Cheers,

Yes... I did it... :(

But it's a default trusted DNS policy... permit to all DNS servers UDP port 53... is it correct? Or should I type the IP address of my DNS manually?

No that's fine, as long as that rule applies to the role of the PC.

Try an nslookup on the PC. What's the output?

>nslookup www.cisco.com

Hi...

At this moment I'm not at the company... next Friday I will try.

Thanks a lot!

Are you using a proxy server in your network?

Try enabling Parse Proxy checkbox under

CCA Servers-->Filter--> Roles--> Allowed hosts.

Try putting proxy server IP address and port number under CCA Servers---> Advanced ---> Proxy

Hi,

No... I don't have access to the internet through a proxy server... I have a firewall

:(

The NAC server is working in layer 3 real-IP gateway... when I put the IP address of the page, for example www.symantec.com, the users can access it... but when I permit the access by host .symantec.com with all options like ends, contains, etc., they can't access it...

Definitely sounds like DNS to me.

Hi,

The result of the DNS lookup on the host is the following:

*** Can't find server name for address 172.16.48.253: Non-existent domain

*** Default servers are not available

Server: UnKnown

Address: 172.16.48.253

Non-authoritative answer:

Name: com.com.mx

Address: 74.52.164.242

Aliases: www.cisco.com.com.mx

The result of the nslookup on the CAS is the following:

[root@CAS-MTY ~]# nslookup www.cisco.com

Server: 172.16.48.253

Address: 172.16.48.253#53

Non-authoritative answer:

Name: www.cisco.com

Address: 198.133.219.25

Help me

Additionally, I'd like to say that my configuration is Out-of-Band Real-IP Gateway. Does anybody know if there's a restriction on managing host-based policies?

Regards

That's how mine was set up as well and it should not make a difference. What happens if you try to allow 'all traffic' in your policy? Does it resolve then?

Additionally, could you post a screenshot of your traffic policy and the output from an ipconfig /all on the client?

Thanks,
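
An added example, not part of any post in this thread: a small Python check that compares the name a client queried with the names in the answer section of its nslookup output, run on the two outputs quoted above (copied in as sample input). The function names `parse_answer` and `check_lookup` are hypothetical.

```python
import re

# Sample input: the two nslookup outputs quoted in the thread.
CLIENT_OUTPUT = """\
*** Can't find server name for address 172.16.48.253: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 172.16.48.253
Non-authoritative answer:
Name: com.com.mx
Address: 74.52.164.242
Aliases: www.cisco.com.com.mx
"""
CAS_OUTPUT = """\
Server: 172.16.48.253
Address: 172.16.48.253#53
Non-authoritative answer:
Name: www.cisco.com
Address: 198.133.219.25
"""

FIELD = re.compile(r"\s*(Name|Aliases|Address(?:es)?):\s*(\S+)")

def parse_answer(output):
    """Return (names, addresses) from the answer section of nslookup output."""
    # Skip text before "answer:" so the resolver's own Server/Address is ignored.
    _, _, answer = output.partition("answer:")
    names, addrs = [], []
    for line in answer.splitlines():
        m = FIELD.match(line)
        if m:
            value = m.group(2).split("#")[0].rstrip(".").lower()
            (addrs if m.group(1).startswith("Address") else names).append(value)
    return names, addrs

def check_lookup(query, output):
    """Compare the queried name with the names the resolver answered for."""
    query = query.rstrip(".").lower()
    names, addrs = parse_answer(output)
    if not names:
        return {"status": "no-answer", "suffix": None, "addresses": addrs}
    if query in names:
        return {"status": "exact", "suffix": None, "addresses": addrs}
    # A name of the form <query>.<suffix> means a search suffix was appended.
    for name in names:
        if name.startswith(query + "."):
            return {"status": "suffix-appended", "suffix": name[len(query) + 1:], "addresses": addrs}
    return {"status": "mismatch", "suffix": None, "addresses": addrs}
```

On the client output, `check_lookup("www.cisco.com", CLIENT_OUTPUT)` reports the `com.mx` suffix and the address 74.52.164.242, while the CAS output is an exact match on 198.133.219.25.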
