04-20-2007 01:34 AM - edited 02-21-2020 01:29 AM
Hello,
I have a problem getting NAC to work with the ASA and CTA.
I am trying to configure the ASA to work with NAC.
Conditions:
VPN is connected and works fine (ping from local computer to inside network via VPN)
CTA is installed and works properly with a wired 3750 (in NAC-L2-IP, NAC-L2-Dot1x mode)
No log entries are appended to the CTA log file when connected to the VPN (with wired L2-IP, there are new messages)
ACS is configured and works fine
ASA Configuration
ip local pool chernogorsky_pool 10.11.5.1-10.11.5.254 mask 255.255.255.0
nat (inside) 0 access-list chernogorsky_acl_nonat
tunnel-group chernogorsky_ipsec type ipsec-ra
tunnel-group chernogorsky_ipsec general-attributes
 address-pool chernogorsky_pool
 authentication-server-group chernogorsky_aaa
 authorization-server-group chernogorsky_aaa
 default-group-policy chernogorsky_group_policy
 nac-authentication-server-group chernogorsky_aaa
tunnel-group chernogorsky_ipsec ipsec-attributes
 pre-shared-key *
group-policy chernogorsky_group_policy internal
group-policy chernogorsky_group_policy attributes
 dns-server value 10.0.0.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value chernogorsky_aclsplit
 default-domain value jmp-lab.local
 nac enable
aaa-server chernogorsky_aaa protocol radius
aaa-server chernogorsky_aaa (outside) host 10.0.0.1
 key cisco
ACS log (after VPN connection and EAP start)
%ASA-6-334001: EAPoUDP association initiated - 10.11.5.1.
%ASA-5-334006: EAPoUDP failed to get a response from host - 10.11.5.1.
Thanks
04-23-2007 07:28 AM
Hi,
Please check if the CTA EOUDP service is running.
Regards,
Vivek
04-23-2007 11:48 AM
Yep, %=)
Via the wired connection everything is OK (802.1x, L2-IP mode), everything works.