cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
467
Views
0
Helpful
6
Replies

ACS NAC and VPN

dpatkins
Level 1
Level 1

I am trying to set up NAC using ACS 4.1 and a VPN concentrator 3015 using 4.7.2K. I have had it working before using 3.3 and 4.0, but had to wipe out my server because of some issues. This is all in test, but I would like to complete this soon.

Is there some document out there that will allow me to see examples of this setup? I have googled it and checked on Cisco, but the examples are normally IOS specific. Any help would be appreciated.

Thanks

Dwane

6 Replies 6

umedryk
Level 5
Level 5

Refer to the link to the NAC Phase One whitepaper which is the best guide to configuring NAC at the moment.

The document was released prior to NAC introduction on the VPN concentrator, but all the ACS and CTA configuration is valid.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c654/cdccont_0900aecd80217e26.pdf

also refer these links to know more info about VPN concentrator with NAC:

http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee22f.html#wp1652431

I finally got the NAC to work on the Symantec signature. What I am looking for now is a point of contact for McAfee and for TrendMicro for an attribute file or soemthing along those lines. If anyone has an email address or a phone number to any of these corporations, I would appreciate it.

Dwane

Hello,

I have the same lab that you but i dont got NAC working fine, all session are hold-off. Can you help-me?. I have the trendmicro and McAfee adf and PP files, if you need i can send you.

Regards.

I can help as much as possible. If you can post or email those .adf files, that would be great. I am going to try and get this back up and online by next week for demo'ing.

Thanks

Dwane

Hi,

I post the adf files, and i have solved the problem with the VPN/NAC. it's a problem with timeout.

The eou default timer is 3 seconds, but the CTA is slow in recover posture plug-in information and the eou session fail in obtain response. I have grow up the timer and all work fine (10 seconds for me).

Regards.

I did not know this. I will have to change my timeout as well then. It was all for testing, but I would like to demo and go live in the next month or so. Glad it is working and thanks for the post.

Dwane

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: