ACS NAC and VPN

Unanswered Question
May 1st, 2007

I am trying to set up NAC using ACS 4.1 and a VPN concentrator 3015 using 4.7.2K. I have had it working before using 3.3 and 4.0, but had to wipe out my server because of some issues. This is all in test, but I would like to complete this soon.

Is there some document out there that will allow me to see examples of this setup? I have googled it and checked on Cisco, but the examples are normally IOS specific. Any help would be appreciated.

Thanks

Dwane

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
umedryk Mon, 05/07/2007 - 11:10

Refer to the link to the NAC Phase One whitepaper which is the best guide to configuring NAC at the moment.

The document was released prior to NAC introduction on the VPN concentrator, but all the ACS and CTA configuration is valid.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c654/cdccont_0900aecd80217e26.pdf

also refer these links to know more info about VPN concentrator with NAC:

http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee22f.html#wp1652431

dpatkins Wed, 06/20/2007 - 13:50

I finally got the NAC to work on the Symantec signature. What I am looking for now is a point of contact for McAfee and for TrendMicro for an attribute file or soemthing along those lines. If anyone has an email address or a phone number to any of these corporations, I would appreciate it.

Dwane

Ernesto Fernand... Wed, 07/25/2007 - 04:12

Hello,

I have the same lab that you but i dont got NAC working fine, all session are hold-off. Can you help-me?. I have the trendmicro and McAfee adf and PP files, if you need i can send you.

Regards.

dpatkins Thu, 07/26/2007 - 07:56

I can help as much as possible. If you can post or email those .adf files, that would be great. I am going to try and get this back up and online by next week for demo'ing.

Thanks

Dwane

Ernesto Fernand... Thu, 07/26/2007 - 22:50

Hi,

I post the adf files, and i have solved the problem with the VPN/NAC. it's a problem with timeout.

The eou default timer is 3 seconds, but the CTA is slow in recover posture plug-in information and the eou session fail in obtain response. I have grow up the timer and all work fine (10 seconds for me).

Regards.

Attachment: 
dpatkins Mon, 07/30/2007 - 10:05

I did not know this. I will have to change my timeout as well then. It was all for testing, but I would like to demo and go live in the next month or so. Glad it is working and thanks for the post.

Dwane

Actions

This Discussion