http redirection not happening to download the Agent

Apr 2nd, 2008

Hi,


I have installed CAM & CAS with 4.1.2 & configured them; everything was working fine. Then I upgraded to 4.1.3, and all the configuration of the CAS had to be done again. After configuring I am facing a problem. When I am bouncing the port, the port VLAN changes to the unauthenticated VLAN but it's not redirecting to download the Agent. I doubt I have mistaken something in the traffic policy.

Can anyone pls guide me in this regard?


Thanks in advance


Sachi

varnavsky Wed, 04/02/2008 - 04:16

Hi, Sachi

The client can download the CAA agent if:

1. his credentials are ok

2. in Device Management > Clean Access > General Setup > Agent Login u have marked "Require use of Clean Access Agent (for Windows & Macintosh OSX only)"

sachidananda panda Wed, 04/02/2008 - 23:55

Hi Varnavsky,


Thanks for ur response.


Yes it is marked.

The problem is it's not redirecting when you try to access the network. The only thing happening is it's changing to the authentication VLAN. Do you think there is any problem in the traffic policy?


Thanks again

Sachi

varnavsky Wed, 04/02/2008 - 04:25

Sachi,

I've a question for you. When the authorized client turns off, does your switch port change its VLAN from access to authentication?

ramkumar-b Mon, 04/07/2008 - 04:29

1. Can u check whether the SSL Certs are issued to the correct IP addresses?

2. Do u have a Proxy Server for redirection?

then enable proxy IP on the NAS.

3. Is time synchronized between all NAC devices?

4. Is name resolution and DNS working fine and configured correctly?

kindly confirm.

sachidananda panda Mon, 04/07/2008 - 23:42

Hi Ram,


Thanks for ur valued response.

I have checked all the issues u have mentioned. Everything is ok. Still it's not redirecting to the Agent download page.


Thanks again

Sachi

varnavsky Wed, 04/16/2008 - 04:28

Hi, Sachi.

Can you explain: "When I am bouncing the port the port vlan changes to unauthenticated vlan but its not redirecting to download the Agent."

Do you mean that when the pc is in the unauthenticated vlan the caa does not pop-up?

Or smth else?

sachidananda panda Wed, 04/16/2008 - 06:44

Hi Varna,


Actually, after taking the port under control, when I am trying to access anything it should be redirected to the CAS to download the agent & install it. This redirection is not happening.


Thanks in advance for ur response

Sachi

varnavsky Wed, 04/16/2008 - 09:17

Hi.

To get redirection, the client should open his web browser with some URL, and before this the client's PC should get the correct IP address, default gateway, DNS server and maybe some other type of data from the DHCP server.

After this your client sends a DNS request to the DNS server which is learned from the DHCP server to explore the IP address of the web server.

Your NAC server should pass through DHCP and DNS requests to the servers.

After the client's PC has got the IP address from the DNS it will try to connect to this web server.

And only then your NAC Server catches HTTP traffic from the client PC and the client should see the login page asking for his credentials.


Are you sure that your DHCP and DNS are correct?

Check them, pls.


To get the login page for credentials you should add it to the NAC Manager through Administration > User Pages > Login Page > Add.


Maybe this helps you.

Regards

michaudmatthieu Thu, 07/24/2008 - 06:06

I'm facing a similar problem. My DHCP is allocating address and parameters correctly but DNS is unreachable from the untrusted segment. DNS is reachable from the CAS itself but it's not letting it through or relaying from unauthenticated clients. What can I check to figure out what is wrong? Any help appreciated :)

michaudmatthieu Thu, 07/24/2008 - 07:12

I got it sorted! The CAS is forwarding the IP packets containing DNS requests, and the DNS server lacked a route entry back to the requester.
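
The thread describes redirection as a chain (DHCP lease, DNS query, DNS reply, HTTP connection, redirect to the login page) that stops at the first broken link. The following is an added example, not part of any post and not Cisco code, that walks that chain over a client-side capture summary and names the first missing stage. The event format, the stage names and the use of an HTTP 302 to represent the redirect are assumptions made for illustration.

```python
# Added example. Events are a constructed summary format (not tcpdump or CAS
# output): dir "out" = from client, "in" = to client; port = server-side port.
STAGES = [
    ("dhcp_ack", "no DHCP lease: client lacks address, gateway, DNS server"),
    ("dns_query", "no DNS query sent: check the DNS server handed out by DHCP"),
    ("dns_reply", "DNS query unanswered: check NAC pass-through, DNS return route"),
    ("http_syn", "name resolved but no HTTP connection was attempted"),
    ("http_redirect", "HTTP request was not redirected to the login page"),
]

def classify(ev, query_ids):
    """Return the stage this event proves, or None; records DNS query ids."""
    proto, port, out = ev["proto"], ev["port"], ev["dir"] == "out"
    if proto == "udp" and port == 67 and not out and ev["info"] == "ACK":
        return "dhcp_ack"
    if proto == "udp" and port == 53:
        if out:
            query_ids.add(ev["id"])
            return "dns_query"
        # A reply counts only if it answers a query the client actually sent.
        return "dns_reply" if ev["id"] in query_ids else None
    if proto == "tcp" and port == 80:
        if out and ev["info"] == "SYN":
            return "http_syn"
        # Assumption: the redirect to the login page shows up as an HTTP 302.
        if not out and ev["info"].split()[1:2] == ["302"]:
            return "http_redirect"
    return None

def first_failed_stage(events):
    """Walk the stages in order; return (stage, hint) for the first one missing."""
    pos, query_ids = 0, set()
    for stage, hint in STAGES:
        for i in range(pos, len(events)):
            if classify(events[i], query_ids) == stage:
                pos = i + 1
                break
        else:
            return stage, hint
    return None  # every stage was observed, in order
# Constructed capture for the last post: the query leaves, nothing comes back.
NO_DNS_REPLY = [
    {"dir": "in", "proto": "udp", "port": 67, "info": "ACK"},
    {"dir": "out", "proto": "udp", "port": 53, "id": 0x1A2B, "info": "A?"},
]
HEALTHY = NO_DNS_REPLY + [
    {"dir": "in", "proto": "udp", "port": 53, "id": 0x1A2B, "info": "A"},
    {"dir": "out", "proto": "tcp", "port": 80, "info": "SYN"},
    {"dir": "in", "proto": "tcp", "port": 80, "info": "HTTP/1.1 302 Found"},
]
```

`first_failed_stage(NO_DNS_REPLY)` stops at `dns_reply`, the situation in the last post where the DNS server had no route back to the requester; `first_failed_stage(HEALTHY)` returns `None`.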
