Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
242
Views
5
Helpful
2
Replies

cisco trust agent?

MARK BAKER
Level 4
Level 4

‎08-06-2005 10:40 PM - edited ‎03-09-2019 12:03 PM

I am trying to test NAC with a vpn 3000 concentrater 4.7 and ACS 3.3. It appears the configuration is correct, but it doesn't seem to be working.

I might be able to figure out what was going on if I could get logging to work for either CTA or the vpn concentrator. The only logging I see for CTA is when I start and stop it; nothing when I connect to the vpn concentrator. The vpn concentrator only shows "EAPoUDP association already active". I don't see pass or fail logs in ACS either.

Any ideas why cta or vpn3000 logging is not showing anything for NAC? I have them both set to log everything related to NAC.

Also, to pass the cisco-av-pair posture tokens, do I need to configure ACS to use ios/pix radius, or will it still pass these values while configured for vpn3000 radius?

Thanks for any help,

Mark

Labels:
0 Helpful
2 Replies 2

MARK BAKER
Level 4
Level 4

‎08-09-2005 05:47 AM

I found the answers to my questions:

You can pass the cisco-av-pair while using "vpn3000 radius" under ACS network configuration.

I had to create a rule in Windows firewall under the vpn client adapter to allow EAPoUDP to make it work.

Thank you,

Mark

Bryan.Carter
Level 1
Level 1
In response to MARK BAKER

‎12-21-2005 09:28 PM

Mark,

I have been trying to make this work for two months. I finally found your post and am very interested in your config if you would be willing to share a generic version of them with me. I haven't been able to figure out why the cisco-av-pair info hasn't been coming through on the ACS reports. I think you have the answer to the problem.

Thanks

Bryan Carter

0 Helpful
Customers Also Viewed These Support Documents