Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
5
Helpful
2
Replies

NAC - not redirecting users to login page after upgrade

mlejon
Level 1
Level 1

‎01-24-2008 03:10 AM - edited ‎02-21-2020 01:52 AM

Hi.

We have a NAC appliance system, consisting of one NAC manager and a failover pair of NAC servers. All machines are 3300. It is mostly used to control wireless access to our network with the web login function.

This has worked fine since installation with version 4.1.1, except some Mac and Vista users has had some, for example Safari has users have not been able to log in.

About a week ago I noticed that version 4.1.3 was supposed to fix some problems with some browsers, so I decided to upgrade. I downloaded the cca-upgrade-4.1.3 file from cisco, and uploaded to the manager and servers from the web admin pages. Then I ran the upgrade, first on the manager, then on the servers. Everything seemed to go fine when I checked the logs.

However, after the upgrade users connecting to the net on the unprotected side of the NAC server are not redirected to the login page. Their browser tries to connect to whatever they have as startpage, and then times out.

Machines connected to the protected net get a correct IP, they can look up DNS names, and if they type the name or IP of the login page they get to it, they can login, and then everything works.

I have checked with tcpdump that the first request reaches the active NAC server, but nothing happens. Nothing can be seen in any logs on the server or the manager.

I have checked all the troubleshooting ideas from the manual, the release notes, and the Nac Appliance book, but now I am out of ideas.

Mats L, University West, Sweden

0 Helpful
2 Replies 2

d-simic
Level 1
Level 1

‎02-15-2008 02:32 AM

Hi,

I just ran into similar issues after upgrading to 4.1.3 from 4.1.2. I am going to install the software on the NAC Servers from scratch, hoping to get it going.

Did you find a solution?

Thank you

Darko

0 Helpful

mlejon
Level 1
Level 1
In response to d-simic

‎02-15-2008 02:56 AM

Yes, we found the problem. It seems as if 4.1.3 handles addresses a bit different, so we had to change the configuration a bit.

When you run the NAS as a virtual gateway, you still have to set IP addresses to the "trusted" and "untrusted" interfaces. When we installed 4.1.2 we set up a real address, routed in our network, on the trusted interface, and a private, unrouted, address on the untrusted. When a user connects to the untrusted net and tries to surf, they should be redirected to a login page.

In 4.1.2, I believe that the NAS redirected to the address on the trusted side. In 4.1.3 it seems to redirect to the address on the untrusted side. Since that address is not routed, the client never reaches the login page.

We solved it by setting the same routable address on both the trusted and untrusted side. Since the NAS acts as a bridge when set up as a virtual gateway, this seems to work, even if it is a bit unintuitive.

/ Mats

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card