08-06-2005 10:40 PM - edited 03-09-2019 12:03 PM
I am trying to test NAC with a VPN 3000 concentrator 4.7 and ACS 3.3. It appears the configuration is correct, but it doesn't seem to be working.
I might be able to figure out what was going on if I could get logging to work for either CTA or the vpn concentrator. The only logging I see for CTA is when I start and stop it; nothing when I connect to the vpn concentrator. The vpn concentrator only shows "EAPoUDP association already active". I don't see pass or fail logs in ACS either.
Any ideas why cta or vpn3000 logging is not showing anything for NAC? I have them both set to log everything related to NAC.
Also, to pass the cisco-av-pair posture tokens, do I need to configure ACS to use ios/pix radius, or will it still pass these values while configured for vpn3000 radius?
Thanks for any help,
Mark
08-09-2005 05:47 AM
I found the answers to my questions:
You can pass the cisco-av-pair while using "vpn3000 radius" under ACS network configuration.
I had to create a rule in Windows firewall under the vpn client adapter to allow EAPoUDP to make it work.
Thank you,
Mark
12-21-2005 09:28 PM
Mark,
I have been trying to make this work for two months. I finally found your post and am very interested in your config if you would be willing to share a generic version of it with me. I haven't been able to figure out why the cisco-av-pair info hasn't been coming through on the ACS reports. I think you have the answer to the problem.
Thanks
Bryan Carter