My customer is experiencing intermittent VPN issues in which the NAC agent will not pop-up upon connecting to the VPN. It works fine on the LAN however. The problem is not experienced by everyone. for example, it never happens to me, and has never happened to my contact at the client. but i am told that he has VPN users that this happens often to.
NAC can be initiated by either a reboot, or exiting the agent and allowing the redirect to relaunch the agent.
In some cases, the agent is not detected on the machine, and the redirect instructs the VPN user to install the agent, even though it is installed already. However, the case may also be that this same user was connected the day before.
What i am thinking is that it may have something to do with the SWISS discovery or timers.
DNS works fine. I have increased the SWISS timers, and disabled L3 SWISS delay. I have yet to know for sure if this will work, but i would like to get some insight from the community as to whether i am heading the right direction, or if others have a solutions.
I know another method would be to just do WebAgent, but the problem that would then introduce is being double postured. If the WebAgent launches, and they have the client installed, they may both run at the same time.
Threat Response Basics
What is Threat Response and how can it help my organization?
What is the cost of Threat Response?
What are the deployment options for Threat Response?
Is Threat Response available outside of the United States?
Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. This distinction recognizes Cisco's ingenuity in redefining the firewall as the basis for an integrated security platform.
Find out how Cisco stands out from the comp...
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...