ASA NAC

Unanswered Question
Apr 20th, 2007

Hello,

I have a problem getting NAC on the ASA to work with CTA.

I am trying to configure the ASA to work with NAC.

Conditions:

VPN is connected and works fine (ping from the local computer to the inside network via VPN)

CTA is installed and works properly with a wired 3750 (in NAC-L2-IP and NAC-L2-Dot1x modes)

No log entries are appended to the CTA log file when connected to the VPN (in wired L2-IP, there are new messages)

ACS is configured and works fine

ASA Configuration

ip local pool chernogorsky_pool 10.11.5.1-10.11.5.254 mask 255.255.255.0
nat (inside) 0 access-list chernogorsky_acl_nonat
tunnel-group chernogorsky_ipsec type ipsec-ra
tunnel-group chernogorsky_ipsec general-attributes
 address-pool chernogorsky_pool
 authentication-server-group chernogorsky_aaa
 authorization-server-group chernogorsky_aaa
 default-group-policy chernogorsky_group_policy
 nac-authentication-server-group chernogorsky_aaa
tunnel-group chernogorsky_ipsec ipsec-attributes
 pre-shared-key *
group-policy chernogorsky_group_policy internal
group-policy chernogorsky_group_policy attributes
 dns-server value 10.0.0.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value chernogorsky_aclsplit
 default-domain value jmp-lab.local
 nac enable
aaa-server chernogorsky_aaa protocol radius
aaa-server chernogorsky_aaa (outside) host 10.0.0.1
 key cisco

ACS Log (after VPN connection, and start EAP)

%ASA-6-334001: EAPoUDP association initiated - 10.11.5.1.

%ASA-5-334006: EAPoUDP failed to get a response from host - 10.11.5.1.

Thanks
