Cisco Nac Agent pops up continously after succesful login
I have a clean access server configured as OOB real IP gateway.
The clients are placed in authentication VLANs on the edge of the LAN that are a couple of L3 hops from the CAS.
We have policy based routing configured to pass client traffic from the authentication VLANs to the CAS.
Once the client is certified it is popped into the clients access VLAN.
All worked ok except that the NAC agent keeps popping up after successful login, attempting to login again.
I have now deployed an ACL to drop traffic from the client Access VLANs to the CAS so the client doesn't keep poppin up.
As far as I can see there is a SWISS service running with the agent that keeps sending data packets to the CAS and causes ths agent in our case to keep trying to authenticate again and again. The ACL I created prevents these packets and stops the continuing login attampts.
The annoying this is that the client can't update its user IP details in the CAM logs when I apply this ACL.
Is this by design? I would have thought once the client is logged on then the agent wouldn't need to keep trying to log on again.
Threat Response Basics
What is Threat Response and how can it help my organization?
What is the cost of Threat Response?
What are the deployment options for Threat Response?
Is Threat Response available outside of the United States?
Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. This distinction recognizes Cisco's ingenuity in redefining the firewall as the basis for an integrated security platform.
Find out how Cisco stands out from the comp...
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...