I've been tasked with cleaning up a failed NAC (4.8.0 VGW L2 OOB) install, and am running into an issue. When the users are in the unauthenticated role (and properly in the unauthenticated vlan), the traffic control ACLs are not functioning. The us...
I want to install multiple (real) certificates on an ASA for the purpose of using multiple SSL VPN pages. For instance: www.server1.com/portal1 (resolves to outside IP of ASA and gets assigned a tunnel-group via the /portal1) www.server2.com/portal2 (...
I'm in the implementation phase of NAC 4.1.0.2 (OOB VGW with 3 HA CAS pairs and 1 HA CAM pair). I recently moved all 8 servers from a 2950 that I was using for testing to the 6509. Ever since, I've been experiencing an ARP storm when both eth0 and ...
I found it. The previous admin had created subnet filters that allowed all traffic from the subnets that were being assigned to workstations. Evidently, that allows all traffic to just pass right through the CAS, regardless of the user role poli...
The MAC addresses look good. Untrusted side goes out the link to the switch the test machine is plugged into. Trusted side comes from the switch the CAS is plugged into, as expected. The traffic is definitely not circumventing the CAS. Dave
Thank you for your response. There is no SVI configured on the unauthenticated VLANs. I verified that traffic is in fact flowing through the CAS by shutting off the untrusted NIC. When I did this, traffic immediately stopped. I left the interface ...
Thanks for your reply. Your workaround is the only one I've been able to come up with myself, too. And it is not feasible as an ongoing solution in this case. The customer wound up purchasing an ACE server to do SSL acceleration. Dave