ASA NAC

m_chernogorsky
Level 1

Hello,

I have a problem getting NAC on the ASA and CTA to work.

I am trying to configure the ASA to work with NAC.

Conditions:

VPN is connected and works fine (ping from the local computer to the inside network via VPN)

CTA is installed and works properly with a wired 3750 (in NAC-L2-IP, NAC-L2-Dot1x mode)

No log entries are appended to the CTA log file when connected to VPN (in wired L2-IP, there are new messages)

ACS is configured and works fine

ASA Configuration

ip local pool chernogorsky_pool 10.11.5.1-10.11.5.254 mask 255.255.255.0
nat (inside) 0 access-list chernogorsky_acl_nonat
tunnel-group chernogorsky_ipsec type ipsec-ra
tunnel-group chernogorsky_ipsec general-attributes
 address-pool chernogorsky_pool
 authentication-server-group chernogorsky_aaa
 authorization-server-group chernogorsky_aaa
 default-group-policy chernogorsky_group_policy
 nac-authentication-server-group chernogorsky_aaa
tunnel-group chernogorsky_ipsec ipsec-attributes
 pre-shared-key *
group-policy chernogorsky_group_policy internal
group-policy chernogorsky_group_policy attributes
 dns-server value 10.0.0.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value chernogorsky_aclsplit
 default-domain value jmp-lab.local
 nac enable
aaa-server chernogorsky_aaa protocol radius
aaa-server chernogorsky_aaa (outside) host 10.0.0.1
 key cisco

ACS Log (after VPN connection and EAP start)

%ASA-6-334001: EAPoUDP association initiated - 10.11.5.1.
%ASA-5-334006: EAPoUDP failed to get a response from host - 10.11.5.1.

Thanks

2 Replies

Vivek Santuka
Cisco Employee

Hi,

Please check if the CTA EOUDP service is running.

Regards,

Vivek

Yep, %=)

Via the wired connection all is OK (802.1x, L2-IP mode), everything works.
