Configuring HA on Cisco NAC (Cisco Clean Access)

Unanswered Question
Feb 2nd, 2007

Hi Guys,

I'm willing to do the HA configuration between the two Managers and the two Servers. I had three concerns on this:

1- CAM DNS mapping: if I do this locally on the CAM appliances, would I map the name to the eth0 IP address or the eth1 IP address (where the crossover cable is connected)?

2- I'm generating temporary certificates on the Primary CAS and I load them to the secondary but I get a failure. What is the purpose of the SSL certificate on the CAS?

3- I https into the service IP and I get to the primary CAM; when I add the service IP of the CAS it gives a message saying cannot add the server. (Note: previously I had the Primary CAM and CAS working fine, the system (CAS) went down only after adding the secondary CAS, but I still can access both CAS through https and ssh).

I will rate your helpful post!

Regards,

egaytan Mon, 02/19/2007 - 10:33

Hello

I'm not an expert, but I'm installing a NAC appliance too, :)

1) You must map each CAM to a DNS name to resolve the CAM name locally, using eth0, and also the service IP address.

2) What kind of failure? The certificate is generated to keep the communication between CAM and CAS in case of failure of the primary CAS.

3) You must add without problems.

Maybe this link will be helpful for you:

http://www.cisco.com/en/US/products/ps6128/prod_presentation0900aecd80549168.html

Let me know if it was successful.

Regards

Ernesto

juancarlosorellana Thu, 05/13/2010 - 15:08

Is it possible to operate two CAS, to put it another way, to make a NAC stack?

Faisal Sehbai Fri, 05/14/2010 - 12:35

Hello,

1. For HA setups, the name should resolve to the Virtual IP address of the trusted side.

2. SSL certs are used for all sorts of communications on the CAS and CAM. On the CAS it's used for HA, client communications and CAM/CAS communications.

3. You need to add the cert that you installed on both the CASs to the Trusted Certificate Authorities tab on the CAM. Do this on both CAMs. Also take the CAM cert and install that in the Trusted Certificate Authorities tab on both CASs. This is assuming you did self-signed certs on all devices.

HTH,

Faisal
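
An added example, not part of the original thread and not Cisco tooling: a shell check of the cross-trust layout described in point 3 of the reply above, run offline on PEM files exported from the devices. The file names (`cam.pem`, `cas.pem`, `trust-<device>.pem`), the constructed self-signed certificates and the assumption of one certificate per HA pair are all hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Audits the cross-trust layout from the reply above on exported
# PEM files. File names and subject names are constructed; nothing here talks
# to a NAC appliance.

# mk_self_signed NAME DIR: constructed stand-in for a self-signed device cert.
mk_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.pem" >/dev/null 2>&1
}

# is_trusted CERT BUNDLE: true when CERT verifies against the anchors in BUNDLE.
is_trusted() {
  [ -s "$2" ] && openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# missing_trust DIR: one line per gap. Expects cam.pem and cas.pem (device
# certs) plus trust-<device>.pem (that device's exported trusted-CA list).
missing_trust() {
  local dir=$1 dev
  for dev in cam1 cam2; do      # both CAMs must trust the cert on the CASs
    is_trusted "$dir/cas.pem" "$dir/trust-$dev.pem" || echo "$dev lacks cas.pem"
  done
  for dev in cas1 cas2; do      # both CASs must trust the CAM cert
    is_trusted "$dir/cam.pem" "$dir/trust-$dev.pem" || echo "$dev lacks cam.pem"
  done
}

# demo: build the layout with one deliberate gap (secondary CAM never updated).
demo() {
  local d; d=$(mktemp -d)
  mk_self_signed cam "$d"; mk_self_signed cas "$d"
  cp "$d/cas.pem" "$d/trust-cam1.pem"
  : > "$d/trust-cam2.pem"                    # gap: nothing imported here
  cp "$d/cam.pem" "$d/trust-cas1.pem"
  cp "$d/cam.pem" "$d/trust-cas2.pem"
  missing_trust "$d"
  rm -rf "$d"
}

demo
```

An empty result from `missing_trust` means every device in the constructed layout holds its peer's certificate as a trust anchor.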
