I am using a 3000 series concentrator to enforce network admission control for remote clients comming in VIA vpn. We are using Cisco NAC framework using ACS 4.1 but we notice posture validation takes a long time and the downloadable filter is not applied allowing access to the network for several minutes. Is there anything I can trouble shoot or tune to speed this process up. It should be noted that the clients are trying to ping through the sensor as soon as the tunnel is up so the EAP challenge should take place straight away. We are also using Cisco's CTA on the clients
I have this problem too.