Apr 20th, 2007

I have a problem getting NAC to work with ASA and CTA.

I am trying to configure the ASA to work with NAC.


The VPN is connected and works fine (ping from the local computer to the inside network via VPN).

CTA is installed and works properly with a wired 3750 (in NAC-L2-IP and NAC-L2-Dot1x modes).

Nothing is appended to the CTA log file when connected to the VPN (in wired L2-IP mode, there are new messages).

ACS is configured and works fine.

ASA Configuration

ip local pool chernogorsky_pool mask
nat (inside) 0 access-list chernogorsky_acl_nonat
tunnel-group chernogorsky_ipsec type ipsec-ra
tunnel-group chernogorsky_ipsec general-attributes
 address-pool chernogorsky_pool
 authentication-server-group chernogorsky_aaa
 authorization-server-group chernogorsky_aaa
 default-group-policy chernogorsky_group_policy
 nac-authentication-server-group chernogorsky_aaa
tunnel-group chernogorsky_ipsec ipsec-attributes
 pre-shared-key *
group-policy chernogorsky_group_policy internal
group-policy chernogorsky_group_policy attributes
 dns-server value
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value chernogorsky_aclsplit
 default-domain value jmp-lab.local
 nac enable
aaa-server chernogorsky_aaa protocol radius
aaa-server chernogorsky_aaa (outside) host
 key cisco

ACS Log (after the VPN connection and the start of EAP)

%ASA-6-334001: EAPoUDP association initiated -

%ASA-5-334006: EAPoUDP failed to get a response from host -


Vivek Santuka (Cisco Employee) Mon, 04/23/2007 - 07:28


Please check if the CTA EOUDP service is running.



m_chernogorsky Mon, 04/23/2007 - 11:48

Yep, %=)

Via the wired connection everything is OK (802.1x, L2-IP mode); it all works.

